Snapchat exposes employee payroll due to malware link & hospitals pay ransomware to get their data back

Ransomware is making a big comeback recently, with entire hospitals in Los Angeles being held hostage and having to pay $17,000 in bitcoin to get their data back (see The Guardian, Reuters and the LA Times). If you've never heard the term "ransomware" before, it's a type of malware that encrypts your data and/or your entire drive, crippling your computer or even your entire network; you only get your data back if you pay the ransomware's author in bitcoin, as instructed.

Ransomware can enter your device in a myriad of ways, but one of the most common is you opening a file attached to an email. The first thing IT departments learn is to advise their users not to open attachments from strangers, not "have you tried turning it off and on again?"

Meanwhile, in the real world I am receiving malware-caused emails from well-known PR contacts of ours, carrying infected payloads in the form of links to click to 'read more', and .docx or .pdf files. Naturally, our PR contacts have at some point fallen prey to this malware by opening such a payload, and that's why I am, just now, watching a flurry of malware-caused activity in my inbox as emails are sent to everyone they know. I get emails from known contacts, sent to other known contacts, and am often bizarrely BCC'd on the conversations of "should I open this?" before it's made clear: "No! I got a virus! Don't touch!"
Dear PR people, at the ad agencies as well as you independent operators whom I love so much, you have to be your own IT department and stop your link-clicking, attachment-loving habits.

I know I'm not your IT department, but I beg of you, please stop sending us text-only information such as creative credits and the press release as an attachment to the mail. Email was designed to carry text, and your attachment habit is a bad one from a security standpoint. It really is only a matter of time until malware evolves and sends ransomware to your entire address book. I'm not trying to be all 1987 AIDS ad melodramatic, but more in the clever chatroulette way: you never know which link or attachment it will be.

Now, from the description in the Snapchat news, it's unclear to me exactly what they're describing, but Snapchat is apologising to all of its employees for exposing private information like payroll data after an employee fell for some sort of phishing scam.

Last Friday, Snapchat’s payroll department was targeted by an isolated email phishing scam in which a scammer impersonated our Chief Executive Officer and asked for employee payroll information. Unfortunately, the phishing email wasn’t recognized for what it was–a scam–and payroll information about some current and former employees was disclosed externally. To be perfectly clear though: None of our internal systems were breached, and no user information was accessed.

Snapchat even called the FBI. It might actually be easier to teach people not to open attachments or click links willy-nilly in every email they get until they are sure who the sender is. And I say that as someone who has warned about that attachment habit since 2008.

Within four hours of this incident, we confirmed that the phishing attack was an isolated incident and reported it to the FBI. We began sorting through which employees–current and past–may have been affected. And we have since contacted the affected employees and have offered them two years of free identity-theft insurance and monitoring.
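The two failure modes described above, an executive impersonation asking for payroll data and malware arriving as .docx/.pdf attachments or links, as an added triage example that is not code from the original post or from Snapchat; the company domain, executive name, keyword list and sample message are constructed assumptions:

```python
import email
from email import policy
from email.utils import parseaddr
from typing import List

# Assumptions (not from the original post): the company's own domain and the
# display names of executives whose identity a payroll-request scam would borrow.
COMPANY_DOMAIN = "example.com"
EXECUTIVE_NAMES = {"jane ceo"}
RISKY_EXTENSIONS = {".docx", ".doc", ".pdf", ".zip", ".js", ".exe"}
PAYROLL_KEYWORDS = ("payroll", "w-2", "w2", "salary")

def triage(raw: str) -> List[str]:
    """Return a list of findings for one raw RFC 5322 message (empty = clean)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    # CEO-impersonation pattern: an executive's display name on an external address.
    if from_name.strip().lower() in EXECUTIVE_NAMES and from_domain != COMPANY_DOMAIN:
        findings.append(f"executive display name on external domain {from_domain}")
    # A Reply-To that differs from the sender redirects the victim's answer elsewhere.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.lower() != from_addr.lower():
        findings.append(f"reply-to {reply_addr} differs from sender {from_addr}")
    # Attachment types the post singles out (.docx / .pdf) plus common droppers.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment {name}")
    # A request for payroll data in the body is the actual ask in a Snapchat-style scam.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().lower() if body else ""
    if any(k in text for k in PAYROLL_KEYWORDS):
        findings.append("payroll data request in body")
    return findings

# Constructed sample: executive display name on an outside domain, a redirected
# Reply-To, a PDF attachment and a payroll request in the body.
SAMPLE = """\
From: Jane CEO <jane.ceo@webmail.example>
Reply-To: accounts@webmail.example
To: payroll@example.com
Subject: urgent request
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please send me the payroll summary for all employees today.
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="release.pdf"

%PDF-1.4 constructed placeholder
--b1--
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```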

For the rest of us who live in the real world, where the FBI of the United States is not our IT department, I hope this serves as a decent alarm clock to learn better email practices. And please, when you submit your work to us, send us text, such as the creative credits & the press release itself, in the actual email and not as an attachment. To quote pet peeve #5 from that old article:

#5 - Attaching the entire release in a word document. Just stop it. Email was designed to carry text and all you did was format it in TIMES NEW ROMAN anyway.
