Recently, the United States House of Representatives received notice that access to Yahoo Mail accounts would no longer be allowed. The tech team made this move because of fears of a ransomware infiltration of Yahoo Mail.
This is the second security measure that has been taken in a short time span. Before the ban was put in place for Yahoo Mail, the tech team for the House placed a ban on appspot.com. Any device that is connected to the House’s internet using Ethernet cables or Wi-Fi is banned from accessing appspot.com as well as Yahoo Mail. Appspot.com is the domain that is used by Google to host custom-built apps.
The reason stated for blocking appspot.com is that there were indications of the site hosting a remote access trojan called BLT. This trojan has been there for almost a year according to the sources. A spokesperson from Google stated that they were conducting investigations into the reports about the ban and are planning to work with the House of Representatives to resolve the issues.
Appspot.com was disabled when the Information Security Office of the House created an advisory email that was sent to staff and lawmakers with warnings about an increase in phishing attacks on the network from third-party email applications including Gmail and Yahoo Mail. The phishing attacks were focused on trying to place ransomware on the user’s computer. The email stated that the primary focus of the attacks seemed to be through Yahoo Mail, which would be blocked on the server until further notice.
According to one congressional staffer, at least one of the attacks was successful. The computer that was affected was shut down remotely by the House IT department within 20 minutes of the infection occurring. The computer then had to be reformatted.
A copy of the security email that was sent out by the House Information Security Office was obtained by Gizmodo.
The email discusses an increase in attacks on the House system network that are believed to come from third-party, web-based email applications such as Gmail and Yahoo. The focus of the attacks is to place ransomware on computers. The email discusses the security measures that the office is taking in order to prevent this from happening, including the blocking of Yahoo Mail until further notice.
It is worth noting that not long before the email was sent to the congressmen, congresswomen, and their staff, the FBI had issued a public advisory warning about ransomware being on the rise. The warning included steps to take either to lower the risk of a ransomware infection or to recover a computer should your files become encrypted by attackers.
What is Ransomware?
In order to understand why these attacks are being taken seriously, it is important to understand what ransomware is. Simply put, ransomware is malware that is covertly installed on a computer without the user knowing it. This malware will then restrict the user’s access to the computer system. In order to regain access to the computer, a ransom will need to be paid to the operators of the malware.
There are different types of ransomware that are used. Some types will encrypt the files on the hard drive. This encryption is extremely difficult or even impossible to decrypt. This makes it much more likely that a ransom will be paid to gain the encryption key. Another type of ransomware will simply lock up the system and then display a message that is intended to coax a user into paying the ransom.
Typically, ransomware acts as a Trojan, and the payload is disguised as a file that seems legitimate, such as an attachment in an email. The attack is typically a denial of access, where legitimate users are simply denied access to their files.
Ransomware first became popular in Russia, but recently there have been more and more of these attacks throughout the world. McAfee, a security software vendor, released data that showed they had collected nearly a quarter of a million samples of ransomware during the first quarter of 2013 alone. Large attacks involving ransomware started increasing through the use of trojans such as CryptoWall and CryptoLocker. It was estimated that CryptoWall took in over $3 million and CryptoLocker took in more than $18 million before it was taken down by authorities.
Ransomware is not discriminatory. It extorts money from individuals throughout the world and from businesses and organizations both large and small. While there are some ransomware scams that have bugs which allow the files to be safely decrypted without paying a ransom, these are few and far between. If your computer becomes infected by this type of malware, chances are you will have to pay the ransom in order to gain access back to your files.
Now, the question becomes why Yahoo Mail is being targeted by ransomware attackers. As a user of any type of web-based email system, it is important to make sure that you are taking the appropriate precautions regarding the use of these email systems. Make sure that you have a secure, organized backup regime in place in order to reduce the risk and vulnerability these attacks can cause.
However, as a user there is only so much that you can do. Yahoo and other web-based applications need to do a better job of providing security measures that prevent criminals from exploiting their users’ accounts.
The current attacks aimed at the House of Representatives system show that Yahoo has not done all that it can to help in the prevention of these types of attacks. It will be interesting to see the response from Yahoo as well as other web-based email systems regarding these types of attacks.