Beware of These 6 Ransomware Tactics and Cyber Scams
Ransomware. It's a threat that is taking the cybercrime world by storm. It's an effective, malicious attack that often ends with the victim paying a monetary ransom so that the attackers will release the encrypted data. Encryption itself is a force for good when it keeps company data and emails protected, but ransomware authors turn the same techniques to their advantage. Occurrence of this threat surged 165% last year,[1] resulting in over 700,000 attacks that cost organizations approximately $18 million.[2] All recent reports indicate that ransomware is not slowing down any time soon.
Prevalent ransomware tactics and cyber scams
- Crypto-ransomware, the most common form of ransomware, uses strong cryptography to encrypt (scramble) data and then alerts victims that a ransom must be paid in order to release the data. With a number of variants being created, this form of ransomware has been steadily on the rise. Once released on an unsuspecting user, it runs executable code that encrypts key files on the infected computer (documents, videos, images, slide presentations, databases, etc.) without the user's knowledge. It then displays a "ransom" note with a countdown clock on the user's screen or drops a text file in a folder. The note demands payment in order to recover the encrypted data.
- Phishing is typically spread through emails that carry malicious attachments. The most prominent form of phishing is spear phishing, a more targeted scam that uses publicly available information about the recipient to attempt to steal money or personal information.
- Whaling e-mail scams, a variant of spear phishing, pose as a high-profile user such as a C-level executive to trick the victim into handing over personal employee information. Whaling scams are often sent to a very small number of people and often contain extremely personal information compared to large phishing campaigns, making them much more difficult to detect. Whalers make use of personal information found on public sites like LinkedIn, corporate logos, and even real phone numbers to customize their attempts.
- Drive-by-downloads are unintended downloads from infected websites that are installed on your device. Unlike a pop-up download, installation can be initiated by a simple website visit or viewing an HTML email message.
- Malvertising refers to malicious advertisements placed onto legitimate online advertising sites and pages. Crypto-ransomware is frequently spread through this technique.
- USB sticks can be used to spread ransomware to and from the attachable devices. Not only are files on the USB stick vulnerable to attack, but the USB stick itself is an attack vector that can spread the ransomware to corporate servers and other devices.
How To Protect Your Organization
In mid-2014, the CryptoWall ransomware variant alone held 625,000 devices hostage and encrypted 5.25 billion files in just 5 short months.[3] Typically, when ransomware encrypts your files, there's no way to decrypt them, so the most important step you can take to avoid falling victim to this cybercrime is to practice the best everyday security measures possible.
- Educate all employees. To be effective, ransomware needs victims. Those victims could potentially be your employees. Here's an alarming stat: if an attacker sends out 10 malicious emails, there's more than a 90% chance of gaining a victim![4] Make sure your employees know what ransomware is and how to be on alert for it. Read Tips for Protecting Yourself Against Ransomware for a list of pointers to pass to your end users. Do what's necessary to ingrain these tips and make sure new employees are also formally informed. By ensuring all employees are educated on these tips, you can help protect your business.
- Back up your data and applications. Maintaining timely and thorough backups ensures recovery is quick and efficient. It's important to note that cloud data is not necessarily protected in the cloud. Best practice is to keep backups in external storage that is not mapped or synced. The iCorps Guardian® solution accomplishes this with image-based backups that are also stored redundantly in the cloud. The managed service delivers enterprise-level protection for companies of all sizes, ensuring you are prepared to face any disaster with multi-tiered protection. Microsoft OneDrive's document versioning feature also offers a solution. When ransomware hits MS Office documents stored in the OneDrive cloud, the encrypted docs are stored as new versions, while the latest version of your original document remains intact. Your IT team then has the ability to remove the encrypted documents from your OneDrive.
- Implement Unified Threat Management. Unified Threat Management (UTM) devices or cloud services combine several security layers such as firewall, intrusion detection, anti-malware, spam and content filtering into one package. UTMs are an efficient and affordable way for small and mid-sized businesses to take advantage of these security layers. iCorps' Managed Security puts the deployment, management and maintenance of these security layers in iCorps' hands.
- Prioritize patches and application updates. Patching is one of the most effective ways to prevent attacks because it reduces the known vulnerabilities in your system and so minimizes the exploitable surface area. Microsoft's Intune, one solution contained in the Enterprise Mobility Suite, allows IT administrators to ensure the latest patches and software updates are quickly installed, as well as centrally deploy application updates. Equipping and empowering your IT team to keep all your employees patched and updated is important for protecting the company as a whole.
iCorps Technologies has been providing enterprise-level security solutions for SMBs for more than two decades. Learn about our latest security solution - Vulnerability Monitoring & Reporting.
1. CryptoWall Ransomware
2. Criminals Continue to Defraud and Extort Funds from Victims Using CryptoWall Ransomware Scheme
3. CryptoWall Ransomware
4. 2015 Data Breach Investigations Report
5. Avoiding a King's Ransom