Friday, October 18, 2013

The future of malware - Google Apps protects you

In the last few weeks, a relatively new "ransomware" package has been making its way through the world's computer systems, spreading via email. The messages carrying the malware appear to come from legitimate sources (banks, accountants, and more) but are really just highly sophisticated phishing messages.

Of course, if you aren't expecting a message to have an attachment, your best course of action is always to leave that attachment unopened and call the sender directly to verify it. While Google has very, very good spam and phishing detection, it's not perfect, and the last line of defense is you.

[Image: The message you'll see once your files are encrypted.]

The malware, called CryptoLocker, works by scanning your computer and any network shares for a huge variety of files, including Office documents, pictures, PDFs, and Outlook PST files, among others, and then encrypting them with a nigh-unbreakable 2048-bit RSA encryption key. Once the encryption process is complete, you'll be presented with the message above, demanding a $300 payout to unlock your files and warning you that attempting to remove the software will immediately destroy the private key stored on the remote server.

According to a number of posters on a month-old reddit thread detailing the malware, paying the $300 ransom does work and you will be provided with a key that will decrypt all your files.

The advantage of Google Apps

But it would be much easier to simply not have to worry about this kind of thing at all, wouldn't it? Thankfully, Google Apps protects you from this kind of attack by blocking the sending or receiving of any and all .exe files, even those contained in archived zip files. The best defense is, as always, staying vigilant, but it's nice to know that you don't have to worry about opening any suspicious .exe files, since Google stops them from ever getting to you.
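
The kind of check described above, refusing .exe files even when they sit inside zip archives, can be sketched in Python as follows. This is an added example, not Google's implementation or code from this post; the function names, the nesting and size limits, and the sample message are assumptions.

```python
import io
import zipfile
from email.message import EmailMessage

BLOCKED_EXT = (".exe",)   # the only type the post names
MAX_DEPTH = 3             # assumed cap on archive nesting
MAX_MEMBER = 10 * 2**20   # assumed cap on bytes unpacked per member

def blocked_names(filename, data, depth=0):
    """Return the path of every blocked file in one attachment."""
    # Windows drops trailing dots and spaces, so "a.exe." still runs.
    if filename.lower().rstrip(". ").endswith(BLOCKED_EXT):
        return [filename]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    if depth >= MAX_DEPTH:
        return [filename + " (nested too deep to inspect)"]
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{filename}/{info.filename}"
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                hits += blocked_names(path, b"")  # encrypted or huge: name only
            else:
                hits += blocked_names(path, zf.read(info), depth + 1)
    return hits

def scan_message(msg):
    """Return blocked paths across all attachments; empty means deliver."""
    return [hit for part in msg.iter_attachments()
            for hit in blocked_names(part.get_filename() or "unnamed",
                                     part.get_payload(decode=True) or b"")]

def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

def sample_message():
    """Constructed sample: inert bytes under a .exe name inside nested zips."""
    inner = make_zip({"statement.pdf.exe": b"inert placeholder bytes"})
    msg = EmailMessage()
    msg.set_content("Please review the attached statement.")
    msg.add_attachment(make_zip({"docs/inner.zip": inner}), maintype="application",
                       subtype="zip", filename="statement.zip")
    return msg
```

Member names stay readable in a password-protected zip, so the name check still applies there; what this sketch cannot see is the contents of an encrypted inner archive.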

Can your current email system do that? If it can't, it might be time to consider switching to one that allows you to focus on the important things and not worry about whether or not every message you receive contains a hidden malware payload.