A new ransomware attack that encrypts a PC's files and then extorts money in order to receive the decryption key is one of the latest threats to illustrate the dangers faced by social engineering attacks that target less tech-savvy internet users.
It has been said to affect Windows machines in Australia, with it targeting many commonly-used file types for documents, images and videos, among others. Users are asked to pay a minimum of AU$450 (£229) to retrieve their files, with this rising to AU$1,000 if it is not paid in a timely manner.
The malware has also been gaining attention because it is themed around hit US TV show Breaking Bad. The ransom demand displayed by the attack uses branding from the fictional 'Los Pollos Hermanos' fried chicken chain that features in the show, while the email address users are told to contact for more information refers to 'theonewhoknocks' - based on a quote by the show's protagonist Walter White.
Symantec, which reported the issue, observed that the ransomware takes advantage of social engineering tactics as a means of infecting PCs. The company stated: "The malware arrives through a malicious zip archive, which uses the name of a major courier firm in its file name. This zip archive contains a malicious file called 'PENALTY.VBS' (VBS.Downloader.Trojan) which when executed, downloads the crypto ransomware onto the victim’s computer."
This therefore illustrates how many systems may be vulnerable to attacks by malware as a result of user activity. Despite frequent warnings from IT departments and security experts, risky behaviour such as opening unverified attachments is difficult to eliminate completely, especially as hackers develop more sophisticated ways to hide their true intentions and convince users they are legitimate.
A recent BBC report revealed how much effort some of their fraudsters put into fooling people, and highlighted how it is a problem that takes place around the world. The news organisation spoke to criminals in Ghana who have become so prolific they are able to operate openly and flaunt the proceeds of their activities.
One fraudster explained how they "have to be patient, smart, fast and cultivate trust" in order to trap their victims, and use a variety of different techniques.
Some foster romantic connections with their victims, posing as young women before convincing their targets to send money. Others pretend to have concessions in gold, timber, securities or oil to persuade people to hand over money for their fake business arrangements.
None of these tactics are new and internet users have been advised for many years to be alert for suspicious activity when they go online. But the fact fraudsters are still able to be successful with them illustrates that more must be done to educate users about the risk.
This is something businesses need to place a strong focus on - particularly as more employees begin to use personal devices to access business data, which may be beyond the control of the IT department.
Therefore, any strategy to counter this must include a strong education component to raise the 'security IQ' of employees and reduce the risk of users being ensnared by increasingly sophisticated social engineering techniques.