Latest ransom emails causing distress to recipients – make sure you take the right action!
Emails demanding ransom money in order to prevent them spreading that recipients have been visiting adult sites, appear to be on the increase.
These vile emails threaten to reveal your activity to contacts unless you send money to the sender.
Clearly such an email can be worrying even for the most innocent of users and can put everything into question, especially those that include personal information, such as a password.
The answer is, don’t panic, but take action – now.
Even though they may have obtained a password or other confidential information from one of the many data breaches that have happened, they really don’t have any evidence of your activity and it is a scam.
Don’t reply to them and don’t try to pay them anything.
If they have included a password on your email, it is likely it has been obtained from one of many data breaches. If you have had a legitimate email from someone like Adobe or LinkedIn to change your password and haven’t, that is because they lost vast numbers of logins and passwords so you need to change them (and you can often add extra levels of security such as adding mobile numbers to check when you change passwords etc, or notify you of new login locations). You can check if your email address was included in a breach by going to this site: https://haveibeenpwned.com and entering in your email address.
The likelihood is that your address will appear to show your details have been lost – yet again, don’t panic as millions of people’s information have been lost/stolen, including ours. If you recognise any of the sites in the list, make sure you change your passwords on them. Also if you have used the same password elsewhere, we would advise you to change them too.
With passwords, please try to use a ‘strong’ password and use different passwords on different sites. You can use a password manager like https://www.lastpass.com to keep a record of them all and that site also has a secure password generator (https://www.lastpass.com/password-generator). Google Chrome has integrated password management with Smart Lock.
If a ransom email to you includes any bank details, make sure your online accounts are secure and speak to your bank if you are at all concerned.
Remember to keep your computer updated and running up to date security software. We would advise not to rely on Microsoft Security Essentials or Windows Defender and also to employ spam filters.
This is especially important for businesses who rely on employees to keep a computer updated – owners should ensure this is done across the board by speaking to their IT company and putting something in place. Statistics appear to show that businesses haven’t reacted to the WannaCry and other ransomware outbreaks to take these first basic security steps.
For businesses, we strongly suggest you use corporate security software that reports centrally so any issues are reported and can be actioned – don’t rely on a terrified employee reporting it to you. Bear in mind that these emails won’t be flagged as viruses, so you might want to make sure all your employees are aware of the latest outbreaks – these have included in the past pretending to be emails from other employees asking for money to be transferred to specified bank accounts.
Taking it further, if you are a business and want to ensure your employees can’t access adult, gambling or other sites, you can use content filtering software or hardware to prevent this, in line with your acceptable use policies.
We always recommend multi-layer security which includes our offering of Avast Business CloudCare, which includes traditional antivirus, secondary security modules and optional content filtering, combined with centralised control and monitoring.
There are already a number of variations on the email detailed in the article and again, we received one of the simpler versions without personal details a while ago.
Please make sure everyone you know is aware of this scam and don’t let them worry needlessly.