In the last article I explained the methodology of ransomware. The major distribution technique for this type of malware is through email. In almost all recent cases, the file types involved in ransomware have been Word DOCs, Adobe PDFs and graphics files.
In many cases, individuals don’t open attachments from unexpected sources unthinkingly; they open them because they are concerned or curious about the contents. The criminals behind this type of threat are very good at social engineering their emails to convince even experienced business executives to open the attachments and, thus, allow the malware to execute. Even with media warnings about this type of malware, individuals still open unexpected files purporting to be invoices or e-tickets because they are concerned that the file is important to them in some way. Hackers know that curiosity and financial issues are strong incentives to us humans.
As it turns out, in many cases, once the recipient sees the actual content/text/image of the attachment, they realize (in most cases, too late) that the document is not relevant to them: it is spam or a hoax or involves something unknown to them. So, if you can see the document or image in question in a “safe” and non-vulnerable application, you will be able to determine its relevance and decide whether to delete it or whether you need to open it in Word or Excel or PowerPoint, etc.
If we can look at the text of the document or an image in a safe environment, we will be able to read it with our normal critical review and, thus, mitigate a lot of the ransomware risk.
Most folks have been exposed to warnings and articles about how to protect yourself from this type of malware — keep current and protected back-ups, keep anti-virus apps updated, don’t open suspicious documents. The reality is that most people want to open the file to see if it is important to them. The objective of this article is to suggest a simple and safe process to open attachments and files that are suspicious and/or unexpected without endangering your system. Here it is.
Google provides both their Drive and Docs/Sheets/Slides applications free to us. These applications are web based, and the files are opened in the Google Drive space (the cloud) and not on your device. Files on Google Drive can be opened with the web-based Preview, Docs, and PDF applications. So if you are a Gmail user, rather than downloading an unexpected file immediately onto your device, it is easy to either open the file with Docs (if it is a Word/Excel/PowerPoint file) or upload it to Drive and open it there with Preview. In this way you can look at the file without risk of it infecting your device. If the email insists that the attachment will not work if it is opened online, this is a big red flag of danger. Don’t open it on your machine! Once you look at the image or document on the Drive, only download it if the content looks legit.
If the file is on Drive and you are suspicious of it and you want to share just the text or image of it with others for their opinion, you can use Drive to safely convert and download it as a PDF, RTF, or text file. In these forms produced by Drive, the file text or image can be shared without any potential embedded exploit.
The other benefit of this approach is that Google provides free file scanning before the file is downloaded. So if this file has been seen before and tagged as malicious by Google’s anti-virus service, it will not be downloaded.
Virus scanning: Google Drive scans a file for viruses before the file is downloaded or shared. If a virus is detected, users can’t share the file with others, send the infected file via email, or convert it to a Google Doc, Sheet, or Slide, and they’ll receive a warning if they attempt these operations. The owner can download the virus-infected file, but only after acknowledging the risk of doing so.
For folks that are on business enterprise systems and use Exchange for email, this approach is a bit more intrusive – but still effective. You need to set up a free Google Drive account, upload any suspicious files to the Drive, and open them there before opening them on your device in Word/Excel/Adobe Reader/etc. Don’t open the original file on your system until you are satisfied the contents are appropriate to you and your job. For example, if the invoice looks strange and you want to get another opinion, download it from Drive as a PDF file or print it and advise your IT team that you have a suspicious file.
Once you get familiar with Drive and the simple mechanics of uploading and downloading, this is a simple and quick process – well worth trying.
So here is my suggestion to help reduce your exposure to ransomware:
- Only open unknown/unexpected files using Google Docs or Preview
So how many folks open phishing emails? Data from Verizon’s test security report (http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016):
Phishing is on the rise. 30% of phishing emails are opened. And about 12% of targets go on to click the link or attachment.
This is a good practice if you are worried that an email is dangerous. If you do follow this approach and find that the file is probably malware, I suggest you report the email message as spam to Google (“report a phishing spam”) and help block it from going to others.