Ransomware TA16-091A UPDATED




UPDATED! US-CERT alert TA16-091A was updated by DHS yesterday to raise awareness of the ransomware threats currently active.

This is a BIG issue. We have already seen many medical groups held hostage and ultimately paying the ransom in order to get their data back!

Don’t let this happen to your business or your household! Spread the word. Contact MergerTree for further guidance.

Below is the detailed report from The Department of Homeland Security.

TA16-091A: Ransomware and Recent Variants


Ransomware is a type of malware that infects computer systems, restricting users’ access to the infected systems. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s systems have been locked or that the user’s files have been encrypted. Users are told that unless a ransom is paid, access will not be restored. The ransom demanded from individuals varies greatly but is frequently $200–$400 and must be paid in virtual currency, such as Bitcoin.

Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.

Crypto ransomware, a malware variant that encrypts files, is spread through similar methods and has also been spread through social media, such as Web-based instant messaging applications. Additionally, newer methods of ransomware infection have been observed. For example, vulnerable Web servers have been exploited as an entry point to gain access into an organization’s network.

What should you do?

  • Be cautious and informed.
  • Think before you click! Don’t click links or open attachments that are suspect or that you did not expect to receive.
  • Contact the sender directly. DO NOT HIT REPLY! Start a new message and send it to your known contact to make certain the message you received is legitimate.
  • Understand how to identify spoofed email addresses and URLs (the links in an email).
  • Keep your updates current: run Windows or Apple updates regularly.
  • Restrict users’ ability to install programs under their sign-in credentials (use an admin account for installs).
  • Share this information with friends and family!