The United States of Representatives has taken drastic action in the wake of a series of attempted ransomware attacks against its computers. It is completely blocking Yahoo Mail.
Gizmodo managed to get its paws on a copy of an email sent to House of Representatives staff by its IT department at the end of April, warning that an increase in ransomware attacks had been seen, primarily coming through Yahoo Mail.
Part of the email reads as follows:
In the past 48 hours, the House Information Security Office has seen an increase of attacks on the House Network using third party, web-based mail applications such as YahooMail, Gmail, etc. The attacks are focused on putting â€œransomwareâ€ on usersâ€™ computers. When a user clicks on the link in the attack e-mail, the malware encrypts all files on that computer, including shared files, making them unusable until a â€œransomâ€ is paid. The recent attacks have focused on using .js files attached as zip files to e-mail that appear to come from known senders. The primary focus appears to be through YahooMail at this time.
The House Information Security Office is taking a number of steps to address this specific attack. As part of that effort, we will be blocking access to YahooMail on the House Network until further notice. We are making every effort to put other mitigating protections in place so that we can restore full access as soon as possible.
Gizmodo reports that an unnamed congressional staffer confirmed that at least one of the ransomware attacks had succeeded in infecting a computer, resulting ultimately in the hard drive being wiped.
Shortly before the warning was sent to staff, congressmen and congresswomen, the FBI issued its own public advisory warning consumers and businesses that ransomware was on the rise – and to ensure that precautionary steps were being taken to either reduce the risk of infection or be able to recover should files be encrypted by attackers.
The fact is that ransomware doesn’t discriminate – it extorts money from individuals around the world, and organisations big and small. Although some ransomware contains bugs that can allow files to be safely decrypted without paying a ransomware, it’s sadly a minority.
The answer, as always, is that prevention is better than cure. Be sure to check out my article on the Bitdefender Business Insights blog for my top tips on how to stop your computers being hit by ransomware.
But aside from defending your systems and ensuring that you are reducing the threat by having an organised, secure backup regime we also need ISPs and webmail providers to play their part in identifying and stamping out attacks.
If ransomware attacks are really being spammed out from Yahoo Mail addresses that does rather suggest that Yahoo isn’t doing the best of jobs preventing criminals from exploiting accounts to engage in malicious activities.