News Feature | June 25, 2014

The Best Ways To Avoid A Dropbox Phishing Attack

By Cheryl Knight, contributing writer


Dropbox offers users cloud storage and the ability to synchronize folders across multiple computers, allowing multiple users to share information quickly and easily. A recent threat to Dropbox users’ data, however, has been showing up in emails that point to a ZIP file on the service containing ransomware.

How It Works

Ransomware, a type of malware, encrypts files on a computer, effectively shutting it down. The sender of the malicious download then demands money for code that will decrypt your files. An even more insidious version of ransomware slowly destroys the content on your PC until you bow to the demands of the sender and pay up.

The Dropbox-related ransomware is akin to CryptoLocker, a trojan virus that targets files on computers specifically running the Windows OS, encrypting them using an RSA private cryptography key. The Dropbox ransomware, in particular, attempts to fool the email recipient into clicking a link disguised as an invoice or fax report message. According to Ronnie Tokazowski, senior researcher at PhishMe, in a recent article, “They may think that they’re receiving a fax and it’s something they need to look at, which makes them inclined to go ahead and open it.”

How To Avoid A Dropbox Phishing Attack

The simplest way to avoid unleashing the Dropbox ransomware on a computer is to avoid clicking any links, anywhere, that do not come from a recognizable sender. The same goes for downloading ZIP files and opening emails that have no recognizable sender. You can also revert to a backed-up version of your files, as long as you can afford to take the hit of the lost data. According to Ori Eisen, founder and chief innovation officer of the fraud prevention company 41st Parameter, “If you back up files to either an external hard drive or to an online backup service, you diminish the threat. If you back up your information, you should not be afraid to just turn off your computer and start over with a new install if you come under attack.”
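For providers who filter mail on a customer's behalf, the lure described above (an invoice or fax notice linking to a ZIP file on Dropbox, from a sender nobody recognizes) can be expressed as a simple triage check. The following is an added example, not code from the article or from Dropbox; the host list, the allow-list, the verdict rule and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions (not from the article): host list, allow-list, and verdict rule.
DROPBOX_HOSTS = ("dropbox.com", "dropboxusercontent.com")
LURE_WORDS = ("invoice", "fax")               # the two disguises the article names
KNOWN_SENDERS = {"billing@partner.example"}   # hypothetical allow-list
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def body_text(msg):
    """Concatenate every text/* part, decoding transfer encodings."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def dropbox_zip_links(text):
    """Return links whose host is Dropbox and whose path ends in .zip."""
    hits = []
    for url in URL_RE.findall(text):
        try:
            parsed = urlparse(url.rstrip(".,)"))
            host = (parsed.hostname or "").lower()
        except ValueError:
            continue  # malformed URL, nothing to classify
        on_dropbox = any(host == d or host.endswith("." + d) for d in DROPBOX_HOSTS)
        if on_dropbox and parsed.path.lower().endswith(".zip"):
            hits.append(parsed.geturl())
    return hits

def assess(raw_email):
    """Quarantine when a Dropbox ZIP link coincides with a lure word or unknown sender."""
    msg = message_from_string(raw_email)
    text = body_text(msg)
    reasons = []
    if dropbox_zip_links(text):
        reasons.append("dropbox-zip-link")
    if any(w in (msg.get("Subject", "") + " " + text).lower() for w in LURE_WORDS):
        reasons.append("invoice-or-fax-lure")
    if parseaddr(msg.get("From", ""))[1].lower() not in KNOWN_SENDERS:
        reasons.append("unrecognized-sender")
    quarantine = "dropbox-zip-link" in reasons and len(reasons) >= 2
    return ("quarantine" if quarantine else "deliver"), reasons

# Constructed sample messages (not real traffic).
PHISH = ("From: Fax Service <noreply@fax-delivery.example>\n"
         "Subject: New fax report\n\n"
         "View it: https://www.dropbox.com/s/EXAMPLE/fax_report.zip?dl=1\n")
BENIGN = ("From: billing@partner.example\nSubject: Meeting notes\n\n"
          "Notes: https://www.dropbox.com/s/EXAMPLE/notes.pdf\n")
```

A check like this only narrows what reaches the inbox; it does not replace the backups discussed above, because a lure that avoids these keywords or hosts the file elsewhere passes untouched.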

Communicating This To Your Customers

IT solutions providers should stress to their customers the importance of exercising caution while using their computers. Your customers can install the best anti-virus software in the world, but if their employees click on links that download ransomware, the anti-virus software is not guaranteed to stop an attack. Discussing your customer’s backup needs, and taking a realistic look at the downtime an attack would create, will also help your customer prepare to react should they become the victim of an attack.