A phishing email disguised as a legitimate request to upgrade your Google Chrome browser is doing the rounds.
Users are asked to click on a link in order to upgrade their browser. An executable is launched, aptly name ChromeSetup.exe, which will encrypt specific files on the victim’s computer, and then demand a ransom in order for the data to be decrypted.
Decryption comes at a price: the amount being charged is 2 bitcoins (around $450 or roughly £295), and the deadline for paying the ransom is 96 hours.
The email sender address has been cleverly disguised to appear as if Google had sent it.
Experts warn that while active Trojans can be removed, it is much more difficult and sometimes impossible to recover encrypted files.
While rapid technological developments have provided vast areas of new opportunity and potential sources of efficiency for organisations of all sizes, these new technologies have also brought unprecedented threats with them.
Raising awareness
Raising staff awareness about the dangers of phishing is now a business-critical requirement.
The Cyber Essentials scheme has been developed by the UK Government to help businesses deal with the serious issue of cyber security. The scheme provides a set of controls that organisations can implement to achieve a basic level of cyber security.
Since 1 October 2014, the UK Government has required organisations to prove their compliance with the scheme in order to bid for government contracts that involve the handling of sensitive and personal information, and the provision of certain technical products and services.
As a CREST-accredited certification body, IT Governance can help organisations to achieve certification to either Cyber Essentials (CE) or Cyber Essentials Plus (CE Plus), at a pace and for a budget that suits them.
Visit our Cyber Essentials solutions page to view the range of cost-effective routes to certification.
It would be really useful to know which files are the “specific files” which the trojan encrypts.
Hi Martin, unfortunately this information isn’t known. The reports I have read mention ‘personal files’, however whether this includes a variety of types of files or not, is unsure.