This scam is sneaky because the cybercriminals use the exact phrase that PayPal uses when it sends out monthly invoices. Users receive an email with the subject line ‘Your PayPal Invoice is Ready’, and the body of the message asks you to ‘Please open the attached file to view invoice’. The attachment is a .zip archive which, if opened, executes code that encrypts the files on your hard drive (and files on any mapped hard drive) and demands a ransom in Bitcoin to get them back. Short of a complete restore of the affected system(s), there’s no way to avoid paying the ransom.
Aside from training your users not to fall for these types of messages, what else can you do to try to protect your company? Here are a few suggestions.
- Block all .zip attachments in your email system
- Pre-clean your email by running it through a filtering service such as MicroData’s hosted Barracuda service
- Install better quality antivirus software that specifically looks for these types of threats. We recommend Trend’s Worry Free Business Security Advanced
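As an added illustration of the first suggestion (this is example code written for this page, not MicroData's, Barracuda's or Trend's), the sketch below shows how a mail filter can decide that a message carries a .zip attachment by checking the file name, the declared MIME type and the leading bytes of the decoded content, so a renamed archive is still caught. The function names, the Office-file allow-list and the sample messages are assumptions constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")  # zip local-file header / empty archive
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}
OOXML_EXT = (".docx", ".xlsx", ".pptx")     # zip containers by design (assumed allow-list)
LURE_SUBJECT = "your paypal invoice is ready"  # subject line quoted in the article


def zip_attachments(raw: bytes) -> list[str]:
    """Return reasons to quarantine a message; an empty list means no zip found."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip().lower()
        payload = part.get_payload(decode=True) or b""  # undoes base64 encoding
        if name.endswith(".zip"):
            reasons.append(f"extension:{name}")
        elif part.get_content_type() in ZIP_TYPES:
            reasons.append(f"content-type:{part.get_content_type()}")
        elif payload.startswith(ZIP_MAGIC) and not name.endswith(OOXML_EXT):
            reasons.append(f"magic-bytes:{name or 'unnamed'}")  # renamed archive
    if reasons and LURE_SUBJECT in str(msg.get("Subject", "")).lower():
        reasons.append("subject-matches-lure")
    return reasons


def harmless_zip() -> bytes:
    """Constructed archive holding one text file, used only as sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("readme.txt", "constructed test data")
    return buf.getvalue()


def sample_message(subject: str, filename: str, data: bytes) -> bytes:
    """Constructed message for the demo, not a captured sample."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("Please open the attached file to view invoice")
    m.add_attachment(data, maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    lure = sample_message("Your PayPal Invoice is Ready", "invoice.zip", harmless_zip())
    print(zip_attachments(lure))
```

Matching on the extension alone misses an archive sent under another name, which is why the content check is included; the Office allow-list trades some coverage for fewer false positives and should be adjusted to what your users actually exchange.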
As always, we’re glad to help organizations with issues like this. You can learn more or contact us anytime.