“Trickbot” is a new strain of malware that is often a precursor to ransomware attacks that have been targeting businesses across the globe. RFLG’s cyber team has seen an increased number of ransomware attacks. We are projecting that these attacks will dramatically increase over the holiday season.
This type of malware is most often installed when a user downloads files from untrusted sources. The downloads can come from email or the web, and often are disguised as macro-enabled Microsoft Word documents. Another tactic is to use malicious email links embedded in emails. Once on the system, malicious actors have the ability to steal banking information from your browser, usernames and passwords, as well as emails and address lists from Outlook.
What you should do
- Do Not Click Links or Open Any Attachments You Are Not Expecting. If you are not expecting a specific attachment, do not open it for review. Additionally, do not click links within emails if you are not expecting them. Follow up with a phone call to the sender directly, better to be safe than sorry!
- Use Proper Email Security. Always verify that the emails you receive are from legitimate and trusted sources. Inspect the from addresses closely, and be wary of downloading any files that you’re not already expecting.
- Use Proper Web Security. Only download files from known and trusted websites. Verify that the URL is not intentionally misspelled to confuse you into downloading malware from a malicious website.
- Disable Office Macros. Macros in Microsoft Office are small pieces of code that run in the background – that code often downloads malware. It’s rare to see macro-enabled Office documents used in normal business (.docm and .xlsx files). We recommend disabling macros on all computers to prevent ransomware infection.
- Perform Backups. Often the best recovery option for ransomware is restoration from backup. Ensure your organization is performing daily backups on all systems in the event that restoration is required.
- Educate Your Employees. Ensure your employees are aware of this alert to help remind them to stay vigilant. Remember, a single employee’s actions can infect an entire network!
If you have any concerns that your company has been infected with malware please reach out to me for assistance.