Sun Tzu wrote in The Art of War: “In the midst of chaos, there is also opportunity.” Unfortunately, cyber criminals see the chaos caused by the COVID-19 pandemic as an opportunity to send phishing emails which seem like they are delivered from the email domains associated with the Centers for Disease Control, the World Health Organization, the National Institutes of Health, state/local agencies, service providers and even company HR departments. These phishing attacks are designed to trick recipients into clicking links embedded in emails or to enter network (or home computer) credentials. Companies are increasingly at risk from attack by cyber criminals using a new and more malicious threat called Maze Ransomware.
 
Maze Ransomware Threat
Hopefully, everyone knows what ransomware is and how it works. “Maze Ransomware” not only locks up a company’s computer systems encrypting data until a “ransom” is paid, it also exports the company’s client information to the cybercriminals. This enables the cybercriminals to threaten the release of confidential client information on the internet leveraging a larger ransom. In some instances, the cyber criminals release some stolen data right away to show that they are serious about how they may use the information they have obtained. A successful ransomware attack and the release of client data is harmful to clients, may trigger regulatory filings, is expensive to remedy and is extremely damaging to a company’s reputation. 
 
Cyber criminals do not need to use brute force to defeat computer network safeguards to implant a ransomware virus. They rely on tricking computer users (like you and me) to mistakenly download the virus by clicking infected links in emails, on websites or opening infected attachments.
 
An example of a suspected phishing attempt received last week is below:

Ransomware Threat Email Example 1

Red flags: the sender’s name is “jlo” (it would be awesome to receive an email from Jennifer Lopez but this is highly unlikely), urgency—"last day for discount” and gilrossco.com is a brand new domain name created on 3-17-2020, just two days before the “discount” expired. In addition, several days after the offer expired, a website using the domain name used in the email could not be found.

What’s New - I already know “Don’t click the link”
The tricks used by cyber criminals are getting more and more sophisticated. Cybercriminals are using pop ups that look like authentication screens for systems that users are used to referencing daily. Below is an example of a recent email received which included a number of red flag warnings that it was a phishing attempt. Furthermore, after closing the first pop up, a second phishing window popped up using additional fear tactics, threatening the loss of data and a crash of the computer, in order to gain access to network login and password information.

What to do
When there is suspicion of a phishing email, don’t open it. The best thing to do is right click and mark it as spam.
 
If you do open an email and suspect a problem, do not ignore the situation hoping it will not be tracked back to your computer because it will be tracked. The best thing to do is place a call to the internal IT Help Desk department. To further assist in mitigating the situation and resolving the phishing scam, it is helpful to use applications like Snagit or the Snipping Tool to take a screen shot of the suspect messages for the a company’s IT department to review and access for further action. Another step to take involves pushing the CTRL + ALT + DELETE keys all at the same time to pull up the Task Manager in an effort to close your browser using the Task Manager. If one clicks the “X” in the popup of the phishing email in an effort to close messages it will likely lead new popups and potentially downloads of additional malware or viruses.
 
For more information about how to protect your company and employees from cybersecurity scams, please contact Ed Barkel at ebarkel@lrrc.com or visit the firm Data Privacy & Cybersecurity Practice page.

 

 

As issues surrounding COVID-19 are fluid and rapidly changing, the information in this alert should not be construed as legal advice. It is intended to provide information as it is currently available.

This material has been prepared by Lewis Roca Rothgerber Christie LLP for informational purposes only and is not legal advice. Readers should not act upon any information without seeking professional legal advice. Any communication you may have with a Lewis Roca Rothgerber Christie LLP, though this announcement or otherwise, should not be understood by you to be attorney-client communication unless and until you and the firm agree to enter into an attorney-client relationship.