Be Resilient not Vulnerable to Ransomware Emails

Written by javariya | Published 2020/04/17
Tech Story Tags: ransomware | cyber-security | scam | email-attacks | data-breach | data-privacy | data-security | password-security | web-monetization

TLDR Software Engineer by profession, Cybersecurity enthusiast and have passion for continuous learning. He received an email a couple of days ago and it was a ransomware scam. The email was this: "My only concern, for myself, was the password. The password was not associated with this email and I couldn’t remember using this combination at some point of time at some site. Clearly, it was not my system but the site at which I used this email- password combination got hacked and their data got leaked.via the TL;DR App

I received an email a couple of days ago and it was a ransomware scam. I have received several scam emails before and I am sure you also have been offered to claim your inheritance somewhere in Africa. But this has something which made my heart stop for a teeny tiny moment.

The subject was one of my email accounts and a password. I started reading it and then checked the date. No, it was not April fool’s day, to be exact, it was 10th of April, 2020. The email was this:
My only concern, for myself, was the password. I never use this email account or the password stated, often. The password was not associated with this email and I couldn’t remember using this combination. But I must have used this particular combination of email and password at some point of time at some site. Clearly, it was not my system but the site at which I used this email- password combination got hacked and their data got leaked.

Why I was sure of my safety and not concerned:

1. I searched and found emails with exact wordings, surfacing the internet since 2018.
2. The hacked password is no more in use.
3. I don’t visit the websites which are not secure.
4. I always have my webcam taped so, no one could remotely access my webcam.
5. I regularly check my browser settings and try to opt those which provides more privacy and security while browsing.
6. I do not download software from unverified/ unknown sources.
7. I don’t allow popups/ ads on my browser.
8. I have my firewall up, system patched.
9. Anti- malware program detected no malicious file.
10. I use strong passwords, change the defaults and avoid repeating them on multiple sites.
11. I have backup of my important files. I don’t have highly confidential file on my PC but if I had, I would password protect it or encrypt it.
12. I don’t accept free offers from unknown sources or if the company has not made it official.
13. I don’t give my payment/ card or any personal information mere to get access to any site.
However, I was worried to a great degree when I thought about the people who might have fell prey to this scam. How many got scared and how many people might have actually paid the ransom.
Remember, such emails are a scam, even if they have got any of your password. Most probably, the password they got their hands on was one which you used at some extra service site.
Never use your email account passwords or your system passwords at extra service sites. Here are my humble suggestions if you find yourself in this situation or there are sure indications that your system is behaving in weird (or hacked) way .

What you should do:

1. Scan your system with a reputable anti-virus/ anti malware program to know if any malicious file exists ( you can use either paid or free versions of Avast, Malwarebytes, kaspersky etc).
2. You should check your processes and services in task manager. If you find any unfamiliar application running, remove it.
3.  If you suspect any file to be harmful, scan it with online tool VirusTotal. You can also scan suspected URLs with it before clicking them.
4. Change your account and system passwords.
5. Enable multi-factor authentication.
6. You can see if your account has been part of any data breach at haveibeenpwned.com or at FireFox Monitor. I highly recommend FireFox Monitor, it has useful information and tips to be safe on Internet.
7. If you use chrome, it also has a cleanup tool in advanced settings. It can be used to detect and remove malicious program residing in your system.
8. Make a backup of your files.
9. If your system is hacked, restore it completely.

And now some non-technical, humanly advice:

Please, do not panic! Panic decreases our ability to think clearly. Always speak about it with someone you trust. Never get blackmailed by any one, no matter what.
The people who actually love you and value you will never leave or bully you. You always have second chances in your life. You just need to gather your strength, put little effort, move on and Voila! You have it.
It is heartbreaking to know that in this time of crisis in the world with COVID-19, the hackers and opportunists are unstoppable. Rather, the cyber security incidents are on rise. Please, stay safe and try to be a step ahead of hackers!
Feel free to add in your suggestions if I have missed anything in my list.
(Originally published here)
Written by javariya | Software Engineer by profession, Cybersecurity enthusiast and have passion for continuous learning.
Published by HackerNoon on 2020/04/17
ABOUTHow hackers start their afternoons. We publish tech stories and build publishing software.

READEntirely free library read by hundreds of millions to learn anything about any technology.

WRITEHackerNoon elevates quality technology writing far and wide across the interwebs.

PARTNERHackerNoon works directly with tech companies to place ads by content relevancy