Hackers have used Skype to conduct various phone scams; but this month, they have found a new way to exploit the popular video calling app. Ransomware, which has predominantly been distributed via email attachments and URL links, is now being delivered through fake Skype ads. The details below will help you avoid business-crippling ransomware.
Initial reports found that the fake Skype ad was disguised as a critical Flash update. Clicking on the ad triggers a download of a seemingly innocuous HTML application named “FlashPlayer.hta”. If opened, the app would download malicious code that encrypts the victim’s files and holds them hostage until a ransom is paid.
According to security experts, hackers were obfuscating malicious code in the fake ads, which helped the ransomware evade detection from common antivirus tools. Many other users in the past have encountered similar Skype ads, but this is one of the first few scams that delivers ransomware.
To protect yourself against this ransomware you need to do the following:
- Be critical - you must be careful of opening suspicious ads and links from Skype -- or any content off the internet for that matter. Before you click on a link, hover over it to see where it leads. Unsolicited emails with links and downloadable files should also be avoided unless you’re certain it’s coming from a credible source.
- Download only from trusted sources - just like the tip mentioned above, make sure the software you download are from trustworthy app stores. In this case, Adobe Flash plugins should be downloaded directly from the official site, not from random ads.
- Install security software - strong antivirus, intrusion prevention systems, and other cybersecurity solutions can detect and block ransomware before it makes your entire system unusable.
- Invest in backups - storing your data in multiple cloud-hosted data centers will help you recover critical files should ransomware manage to infect your local computers.
When it comes to ransomware, hackers don't always return your files and we never recommend giving in to their demands. Staying informed and being prepared is the best solution to any malware.
Skype is the last place you’d expect a hacker to turn up, but if you don’t account for all possible vulnerabilities -- including security flaws in your VoIP solution -- your business has a bleak future. Contact us to protect your VoIP, your cloud, and your business today.