Paradise Is NOT Lost: Ransomware Returns With A New Trick
Published: June 9, 2020 in our Security Fraud News & Alerts Newsletter.
The definition of “old” technology depends on who’s being asked. Paradise ransomware, discovered three years ago, is just one of many instances of older virus technology that’s getting a face lift. Security experts are seeing new signs the ransomware is re-emerging, but with an improved method of access that makes it difficult to catch. A new variant of Paradise malware was recently discovered using email phishing for bait and a trusted file format to disperse the malware into business data systems. The file format is so common that it’s difficult for average security software to detect. To security experts, it appears that Paradise was never really lost, but instead, hackers have found a way to breathe new life into the ransomware campaign.
As with many malware campaigns, email phishing is the way this ransomware finds a home. This latest version of Paradise uses Internet Query (IQY) files, text files that Microsoft Excel reads in order to download data from the internet. IQY is a widely recognized format that most security measures treat as safe. As a result, attackers easily get Paradise past basic cybersecurity measures and begin encrypting data systems. Once encryption is complete, recipients receive a note demanding ransom payments in cryptocurrency. How prepared a business is for a ransomware attack helps determine whether paying a ransom is necessary to get data unencrypted and return to business as usual.
Since Paradise takes advantage of commonly used files as a cover, it’s even more important to be wary of all email attachments. Bad actors try to sneak their way into data systems with all types of attachments as a cover for malware. IQY files are now added to the growing list of popular malware-carrying file attachments like .zip, .pdf, .doc and .exe. No longer can we just be wary of a few file types. Literally, ANY file type is suspect these days. Anti-virus protection looks for the most common extensions and other file attachments as potential malware, but now, IQY files sneak past that protection.
This latest version of Paradise shows why every file type warrants a commonsense approach before opening it. Suspicious or unexpected attachments or senders should never get the benefit of the doubt. And since businesses can’t yet stop Paradise with conventional anti-virus tools, attention to email detail is up to the company and its employees.
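One way a mail gateway or triage script can surface IQY attachments even when they have been renamed, shown here as an added example that is not from the original article. It assumes the usual IQY layout (a `WEB` line, a version line, then the URL); the function names, the sample message and the `example.test` URL are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

def parse_iqy(text):
    """Return the query URL if text has the IQY layout, else None."""
    # Assumed layout: line 1 "WEB", line 2 a version number, line 3 the URL.
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0].upper() != "WEB":
        return None
    url = lines[2]
    return url if url.lower().startswith(("http://", "https://")) else None

def find_iqy_attachments(raw_message):
    """Flag message parts that are IQY by file name or by content."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container, no payload of its own
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Only the head of the file is needed to recognise the format.
        url = parse_iqy(data[:4096].decode("utf-8", errors="replace"))
        by_name = name.lower().endswith(".iqy")
        if by_name or url:
            reason = "extension" if by_name else "content"
            findings.append({"filename": name, "reason": reason, "url": url})
    return findings

def build_sample():
    """Constructed test message: one .iqy, one renamed IQY, one harmless note."""
    iqy = b"WEB\r\n1\r\nhttp://files.example.test/query.txt\r\n"
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached file.")
    for name, body in [("invoice.iqy", iqy), ("report.txt", iqy),
                       ("notes.txt", b"meeting at 10\n")]:
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for hit in find_iqy_attachments(build_sample()):
        print(hit)
```

The extracted URL gives responders something to check against proxy and DNS logs, and the content check catches a query file whose extension has been changed.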
Since ransomware infamously locks systems and files, remember to always do regular backups and have them ready to go in case of an attack. Paying a ransom is not advised and may not even succeed.