Ransomware is a type of malware used for hijacking data in which the attacker encrypts data making it inaccessible and demands payment for the decryption key. It installs covertly on a computer, typically carried out using a Trojan (a type of virus) disguised as a legitimate file, which is spread through email attachments, infected programs and compromised websites. Typical names of Ransomware are Locky, Cryptolocker and Cryptowall and if they infect your computer, you are likely to be pressured or tricked into making a payment.
If you are unsure of a link in a website or email, you can usually check whether the connection is genuine by hovering over it with your mouse and reading what it says. For example, look at these two links: shu.ac.uk or shu.ac.uk. They both look credible, but the first is legitimate and goes to the SHU external website and the second goes to the Microsoft pages on ransomware. Watch out for links that contain almost similar names with perhaps a dot, hyphen or letter difference.
Fraudsters who make attempts like this keep improving their methods and will sometimes invest time and effort in targeting potential victims directly. We have been warned recently by South Yorkshire Police of a scam currently circulating (see below) so please be on your guard for similar attempts.
Summary of phishing scam operating in South Yorkshire area
We have had reports of fraudsters calling education establishments, claiming to be from the Department of Education. They then ask to be given the personal email and/or phone number of the head teacher/financial administrator. The fraudsters claim that they need to send guidance forms to key people in the organisation (these so far have varied from exam guidance to mental health assessments). The scammers on the phone will claim that they need to send these documents directly to a particular contact and not to a generic school inbox, using the argument that they contain sensitive information. The emails will include an attachment – a .zip file (potentially masked as an Excel or Word document). This attachment will contain ransomware that, once downloaded, will encrypt files and demand money to recover the files. Similar scam attempts have been made recently by fraudsters claiming to be from the Department for Work and Pensions and telecoms providers .
For more information about how to deal with suspicious emails and phishing attempts, please see our IT security blog or visit the IT self-help pages of the staff intranet.