Trending Malware Threats: "Spear Phishing" and "Ransomware" for Nonprofits


In the last six months, three local organizations have been attacked by a type of malware that encrypts and holds your server data for ransom. Thad O'Brien, Chief Technology Officer at IDEOLITY, shares how to protect your organization's data and avoid this scam.

Remember the good old days when computer malware was annoying but benign? Sorry, there was no such time. Malware can be annoying, but it's never benign--at the least, it imposes a significant lost-time, lost-productivity toll. At its worst, malware can destroy important documents, expose confidential information and cost thousands of dollars. And ruin your week.

Over the last two years, a form of malware called "Ransomware" has become prevalent. This type of malware uses sophisticated encryption technology to scramble documents on your PC or laptop and shared network file storage. Then, you receive a message demanding a fee (the ransom) for the decryption key so that you can regain access to your files. Typically, you have 24-72 hours to respond or you're out of luck. Sometimes, you can restore from a backup, but you must act fast. Many people have grudgingly paid the fee for the key.

Antivirus (a/v) software does catch most ransomware attempts these days, but there are exceptions. Often the first clue is being unable to open a file. To borrow the saying, "If you see something, say something": contact your I.T. support team if you notice something odd. Time is not on your side, so calling for help quickly can reduce the damage. If you cannot obtain instant support, turn your PC off.

The other trending malware is "Spear Phishing," which is a social engineering scam directed at a specific person or organization. The criminal does enough research on your organization to send credible emails, usually requesting a wire transfer of funds, to someone in a finance or accounting role. The email looks authentic and the criminal is savvy enough to exchange emails with the victim to make it seem even more realistic.

These days, initiating an electronic funds transfer can take two minutes, so be wary. It's probably a good idea to review the process in place at your organization for such transactions and to make sure it cannot be circumvented by a clever foe.

What else can you do? 

Make sure your antivirus (a/v) software is up to date by actually looking at the a/v control panel and verifying that it has checked for and installed updates. Do this weekly. (This is particularly important if you turn your computer off when you leave work, because updates may be scheduled overnight.)

And, finally, if someone calls you from "Microsoft" saying they have discovered malware on your computer and can remove it for you while you're on the phone... hang up.