Ransomware

Ransomware Has Gotten So Bad, It’s Aligned with Terrorism

Ransomware has rapidly progressed from an irritating annoyance to a legitimate global threat, with the U.S. Justice Department officially going on the record and establishing that future ransomware investigations will be handled the same way that terrorism cases are now. Let’s review the reasons behind this policy change and how your business should respond.

How Much Worse Has Ransomware Gotten?

Let’s look at this somewhat casually. 

Ransomware was never something to be trifled with. However, compared to the attacks we’re seeing today, the attacks of the past seem to be small potatoes at their worst. Having your business’ data encrypted is bad. However, crippled supply chains and interrupted national infrastructures (as we’ve seen in the recent attacks on JBS SA and Colonial Pipeline) are undoubtedly worse.

The dangers that such ransomware attacks pose cannot be understated, and no business is truly safe. The White House recently said as much in their warning to companies in regards to their cybersecurity preparations.

This is Why the US Justice Department is Speaking Out

Understandably concerned about the ramifications such threats could easily pose to national security, the Department of Justice has joined with the White House to draw a line in the sand. As their way of responding to what they accurately described as a “growing threat,” investigations into ransomware cases will now be handled similarly to how terrorism cases are… all stops taken out in terms of what tools are used.

Other Governing Bodies are Following Suit

Likewise, in response to the JBS hack and the potential economic ramifications it will likely cause, the US Congress is now considering the lack of federal oversight into the cybersecurity protections implemented by meat processors. Such oversight could help to create a more unified strategy to help prevent and mitigate these kinds of attacks and their widespread impacts.

Ransomware Threats are Also Getting Worse

In addition to many ransomware attacks being waged on bigger, higher-value targets, the strategies involved across the board are evolving. Just consider the ideal progression of a ransomware attack from the attacker’s perspective.

1. Use ransomware to encrypt a targeted system

2. Threaten to delete all contents of a targeted system if a ransom isn’t paid

3. Profit

Understanding this, the consensus amongst security-minded businesses was that keeping an isolated backup was the perfect failsafe against such an attack. After all, with the backup to fall back on, the encrypted data could be deleted and replaced with relatively minor cost to the business. This is one of the many, many reasons we always recommend a business to keep a backup squirreled away.

Unfortunately, as will always be the case with cybercriminals, these practices encouraged them to adapt their processes. Lately, more and more attacks are following a slightly different method than what we’ve been seeing:

1. Steal data from a system, using ransomware to encrypt it after the data has been harvested

2. Threaten to delete all contents of a targeted system if a ransom isn’t paid

3. Profit

4. Threaten to leak or sell the stolen data unless a second ransom is paid

5. Profit again

This double-whammy approach to ransomware first came onto the scene in late 2019, and has exploded since. One recent survey found that 77 percent of ransomware attacks now come with threats to leak data if a ransom isn’t paid. This same survey also revealed that such attacks are increasingly directed against SMBs, who have considerably fewer resources than enterprise-level targets.

So, if keeping a backup no longer helps to squash the entire threat, what can a company do?

How a Business Can Resist Ransomware

First, it will help to understand how the majority of modern ransomware attacks begin. About half are enabled by a cybercriminal’s ability to compromise remote desktop software (through stolen or guessed access credentials, or through an unpatched vulnerability). This means that any organization can more effectively prevent ransomware by reinforcing its password security and user management.

By implementing password requirements that better align to best practices and then reinforcing them through two-factor authentication measures, your business can help eliminate much of the risk of an insecure password. Supplementing these measures with a password management platform can make it that much simpler for your users to utilize sufficiently secure identity authentication, benefitting your organization considerably.

Finally, it helps to invest in a dark web monitoring service, as this can help you identify if any of the passwords or data that your organization relies on has been compromised and exfiltrated. While it won’t help to undo any damage that has already been done as a result, this knowledge can help you identify your weak points and resolve them.

While we wish we could say that this is the last time that a cyberattack method will ever get progressively worse, we simply can’t, so we all need to do whatever we can to stop them. That’s where Jackson Thornton Technologies and our services come in. Learn more about what you need us to do by calling 334-834-7660.

 

Hackers Start Beef with JBS Ransomware Attack

Last weekend saw a significant cyberattack waged against the world’s largest meat processor and distributor, JBS S.A., that completely suspended the company’s operations in both North America and Australia… and as a result, has impacted the supply chains associated with the company. Let’s examine the situation to see what lessons we can take away from all this.

What Happened to JBS S.A.?

Over the last weekend of May 2021, JBS’ global IT systems were targeted by a ransomware attack that completely shut down the meat processor’s operations in North America and Australia. Seeing as effectively each step of the company’s operations (from livestock procurement all the way to export and shipment) rely on some kind of technology, everything was put on pause.

Fortunately, JBS had implemented backups, and have therefore been able to restore their systems and are returning to operation. Furthermore, there has been no apparent evidence discovered suggesting that any customer, employee, or supplier data was compromised in the attack.

However, this does not mean that there is nothing more to examine surrounding these events. Let’s go into the major takeaways that need to be addressed.

First of All, Who’s Responsible, and Who is Involved in Fighting Back?

There has been no indication that any activist groups were involved in the attack. Rather, sophisticated cybercriminals—the sort that have been previously associated with Russian cyberattacks—have been assigned blame for this attack. Along with the Federal Bureau of Investigation’s interest in the cyberattack, the United States government has been in communication with Russia concerning these efforts.

The Australian Cyber Security Centre has also been providing their assistance, although they would not disclose what the nature of this assistance was, while the company was also working with both the Australian government and the Australian Federal Police to more assuredly identify the responsible party.

The Impacts of Ransomware and Other Threats

While ransomware is still relatively new in terms of mainstream threats, it has grown from a concerning eccentricity to a global concern in the few years it has been popularized. More than a threat that simply locks down a computer or network, ransomware now involves an element of exfiltration—not only is the target’s data deleted unless a ransom is paid, it is also stolen and sold unless a second ransom demand is also paid up. This form of attack is closely associated with exactly the groups that are suspected of conducting the attack on JBS.

Fortunately, JBS was smart and had protected themselves ahead of time by implementing a backup solution. This is precisely why we always encourage businesses to do just that: the backup serves as your business’ insurance policy should your operations ever be targeted by such an attack. Unfortunately, this isn’t unlikely as many such attacks are spread through automated phishing campaigns and other hands-off means of dispersing malware.

At Jackson Thornton Technologies, we’re committed to helping businesses resist cybersecurity issues of all shapes and sizes, along with helping you manage your IT in the operational sense. Start a conversation with us by calling 334-834-7660 today.

 

Cybersecurity Lessons to Be Learned from the Colonial Pipeline Attack

Headlines have been filled with news pertaining to the recent hack of Colonial Pipeline, which has created significant gasoline shortages up the east coast of the nation. While the pipeline has been restored, the way this was accomplished sets a dangerous precedent. On top of this, the attack seems to have set off bigger infrastructural changes in the political space.

Let’s take a few minutes to dive into the situation at hand to see what insights can be gleaned from these events.

The Colonial Pipeline Situation

On May 7, Colonial Pipeline first became aware of a ransomware infection in its systems, prompting the fuel supplier to pull the plug on its pipeline operations along the southeast coast so that the malware wouldn’t spread. Leaning on a relatively new form of ransomware attack, those responsible for the attack—a group called Darkside—utilized a method known as double extortion, where the cybercriminal motivates their victim to pay up by not only locking their data down but also threatening to leak it out.

For its part, Darkside primarily operates as a kind of cybercriminal service provider, developing threats to provide them to other groups with their support.

In response to this threat, Colonial Pipeline quickly halted its operations… and as a result, a wide portion of the country experienced gas shortages due to the cutoff of supply. Many found themselves waiting for hours at the pumps, assuming that any gasoline was available at all. Despite stating that there were no plans to pay the almost $5 million in cryptocurrency that the hackers were demanding, it has been reported that the company did ultimately do so. Once the payment was received, the distributor was provided with a very slow decryption tool that they supplemented with their own backup solutions.

This situation has highlighted a few serious considerations that will need to be addressed by businesses of every size, while also revealing a few things about the current state of cybersecurity in clearly critical pieces of infrastructure.

Ransomware-as-a-Service is a Serious Threat

Darkside had risen to prominence in a relatively short time in the cybercriminal business world, creating a network of affiliate hackers to collaborate with for a share of the cut. With a net gain of at least $60 million in its seven months of existence ($46 million of which came in during Q1 2021 alone), this approach is apparently quite lucrative. While the affiliate hackers retain the majority of the ransom fees, Darkside handles a lot of the work on their behalf: writing the ransomware itself, billing the targeted victims, hosting the data that has been stolen, and even serving as the cybercriminal’s IT support and PR team.

This is serious, simply because it can significantly lower the barrier to entry that cybercriminals face when implementing ransomware, making it a feasible attack vector for more of them to put into place.

Double Extortion Makes Ransomware Even Worse

You may have caught that Colonial Pipeline did, in fact, have a data backup available to them… so, it may seem confusing that they still paid the ransom to have their data released. After all, the data backup should have enabled them to simply wipe and restore their entire infrastructure from scratch.

It’s the fact that this attack was using the double extortion method that makes the difference. Instead of simply threatening to delete the data if the ransom is not paid, a double extortion attack doubles down by threatening to leak the data if the ransom is not paid in time. Depending on the industry that is being targeted, some of this data could bring significant repercussions to the business that allowed it to leak. Government regulations and public opinion can both bring down serious consequences once data is leaked, so it makes sense that Colonial Pipeline would choose to bite the bullet and pay up instead. We still don’t recommend that ransomware demands are paid, but time will tell if this method of attack becomes more popular and forces us to reconsider.

Events Like These Will inspire Cybersecurity Improvements

Partly in response to these events, U.S. President Joe Biden signed an executive order intended to boost the cybersecurity protections in place surrounding critical infrastructures for the government and private sector companies alike. This order includes the founding of a task force committed to prosecuting hackers that utilize ransomware, as well at the removal of any contractual barriers to reporting breaches within federal agencies and a deadline of three days to report severe cyberattacks. With such attacks happening with higher frequency than ever before, it will be far more critical for businesses to consider these improvements crucial to their continued survival.

Situations like these make it clear that cybersecurity isn’t going to get any easier for businesses to manage from here on out, so it will be important to have a trustworthy resource waiting in the wings to assist your operations. Jackson Thornton Technologies can be that resource for you. Give us a call at 334-834-7660 to start a conversation about what we can do for you.

 

Ransomware Is One of Today’s Most Dangerous Threats

Ransomware has been a real problem for the past several years. Once known for breaching networks directly, the establishment of uncrackable encryption left hackers looking to change their strategies. Today, they use scams to get people to give them access to network resources. If they are successful, it can deliver more than headaches for a business. Let’s look at what makes ransomware so dangerous and how your company can combat the constant attacks that come your way. 

Ransomware

The experience of someone victimized by a ransomware attack is laced with terror. The fact that the situation you are dealing with—finding your files, drives, or even network resources are encrypted and inaccessible--is definitely one that would startle anyone. You then see the clock that is patiently ticking down, and you know that if you don’t comply with the demands, your files/drives will be deleted. It’s not a pretty situation.

Phishing

Phishing messages are usually delivered through email, but can also be received via a phone call, text message, or social media message. They are known as such because the scammer responsible simply distributes a message and waits for someone to take the bait. Scammers today are well-established and have gone to great lengths to concoct messages that could fool even the most vigilant user. 

Cybercriminals have taken to pairing these attacks together to help them take advantage of as many targets as possible. If a member of your staff incidentally clicks on a link or unpacks an attachment that is connected to one of these phishing emails—because it looks just like a valid email—you may be in some big trouble. Ransomware can move fast to encrypt data and drives, whittling your options significantly. 

What to Look for in a Phishing Email

There are some warning signs that a message is a phishing attempt. They include:

● Details are wrong - There are several details that you should check before you click anything in an email. Is the email address from the sending company? Are there misspellings and grammatical errors that you wouldn’t find in professional correspondence? Were you expecting an email from the company? If there are obvious inconsistencies, make sure to report it to your IT administrator before proceeding.

● There’s excessive urgency - Most phishing emails have desperate call-to-actions. Email is a useful correspondence tool, but very rarely are you directed to do anything that would necessitate you providing sensitive data. If an email’s message seems a little desperate, don’t proceed and report the message to your IT department.

● There’s a link or an attachment - If there is a link or an attachment in the email, and you weren’t expecting the email, you will want to reach out to the sender to confirm their legitimacy through another method of communication.

Phishing is today’s hacker’s go-to strategy. Ensuring that your staff is able to spot phishing attempts is the best way to ensure that ransomware or other malware payloads stay off your network. Call the IT professionals at Jackson Thornton Technologies today to talk about the strategies we prefer to ensure that our clients’ networks are left free of malware. You can reach us at 334-834-7660.

 

Cyberattack Discovery Time is Decreasing (But This Isn’t All Good News)

Research has revealed that cyberattacks are spending decreasing amounts of time on their targeted networks before they are discovered. While this may sound like a good thing—a faster discovery of a threat is better than a slower one, after all—this unfortunately is not the case.

Let’s explore this trend, and what it implies for your cybersecurity.

Understanding the Concept of Dwell Time

Dwell time is the term for the duration that a cyberattack is present on the network before it is detected. According to figures compiled by Mandiant, their researchers have found that the median dwell time around the world is 24 days. This number continues a decade-long trend of shortening dwell durations, with 2011 seeing a median dwell time of 416 days.

So, over the past ten years, the median dwell time has shrunk to about a fifth of what it once was.

On the surface, this sounds great… and it makes sense, too. Organizations are investing more into their cybersecurity, so their policies are better and they are simply more able to detect threats. Therefore, cyberattacks aren’t spending nearly as much time on a network before the infiltrated business becomes aware of them, so the damage they can do should be limited… right?

As much as we’d like to wrap this blog up right here and say “Right, and here are some best practices to follow…” we can’t. The situation is just a bit more complicated, and those complications are important.

The Shifting Threat Landscape Plays a Role

Here’s the thing: as the dwell time that cyberattacks spend on a network undetected has shrunk, the methodology behind the attacks—more specifically, the type of attacks commonly being used—has shifted. Nowadays, ransomware plays a much larger part, increasing from 14 percent in 2019 to 25 percent in 2020.

Ransomware (the malware that locks down a targeted system and demands payment to release it) has a much shorter dwell time than most other attacks. Taken as a group, other attack methods had a median dwell time of 45 days. Ransomware: just five. This difference is what contributed to the overall median dwell time of 24 days.

So, these shorter dwell times can be attributed to ransomware intrusions progressing to full-scale attacks much more quickly.

Ransomware Has Gotten Worse

Unfortunately, a business’ troubles don’t end there. In addition to these accelerating attacks, hackers have grown more aggressive. This has translated to higher ransom demands, as well as the unsettling development of so-called “multifaceted extortion”—where the attacker threatens to also publish the data they steal if payment isn’t made.

Other Attacks Are Still Prevalent, Too

Businesses still need to worry about other methods of attack as well. For instance, exploits (codes that take advantage of programming bugs or other vulnerabilities) have risen in popularity again as a way for an attacker to first get into a business’ network. They’re now seen in 29 percent of intrusions, as compared to phishing attacks and their 23 percent prevalence.

Other commonly used tools included misused tools meant to provide security teams with the resources needed to run their evaluations. These backdoors were found in 24 percent of incidents. Moreover, privately-developed malware—the kind that makes responding to a security incident more challenging—was seen in 78 percent of attacks.

This Is All Concerning, So Your Business Needs to Prepare Accordingly

How do you do that? Proactively, and keeping in mind that the modern threat landscape is just too diverse to be covered by a single, simple fix. The measures needed to respond to each are all very different.

If you’re finding this to be a lot to deal with, you aren’t alone—and you don’t have to be to attend to all this, either. Jackson Thornton Technologies and our team of experts can help you ensure that your business’ network is fully secured and monitored against threats of all kinds. To find out more about what we can do, check out some of the services we offer and give us a call at 334-834-7660.

 

 

Category: 

The State of Ransomware

Do you know the true cost of a Ransomware attack on your business? Watch this video for some sobering statistics and find out why a disaster recovery plan and good back-up system are WELL worth it!

Category: 

Ransomware Shouldn’t Cost You a Thing

If fortune smiles on your company, you won’t ever have to deal with what we are about to discuss: ransomware. For the past several years ransomware has been a major issue for businesses, governments, and individuals. Today, we will talk about ransomware, how there are different strategies, and how some people want to put a ban on ransomware payments. 

Common Types of Ransomware

As with most cyberthreats, ransomware keeps mutating, flooding the market with all types of dangerous malware. It can often be difficult to keep track of the threats. One thing is for certain, ransomware often relies on similar tactics to ultimately hold the data hostage. Let’s quickly take a look at five of the most common types of ransomware right now:

● Cerber - Cerber targets Microsoft 365 users through the use of an elaborate phishing campaign. 

● CryptoLocker - One of the most famous ransomware strains that is now just a copy of the original that was shut down back in 2014. 

● CryLocker - CryLocker uses a personalized ransom note using the encrypted files on a person’s computer or server. This ransomware locks a person out of their computer entirely. 

● Locky - Spread through phishing, this ransomware instructs users to enable macros to read the message. Once that’s complete, the malware will start encrypting files, and demanding a ransom. 

● Jigsaw - One of the worst of a bad lot. When triggered, Jigsaw will delete one or more files every hour for 72 hours. If the ransom hasn’t been paid when the 72-hour window is up, all the files are deleted. 

Steps You Should Take

No business can afford to have their data encrypted, deleted, or worse. Fortunately, there are things you can do to avoid it. Let’s take a look at 10 steps that users can take to avoid dealing with any of the above threats.

1. Never click on unverified links

2. Do not open email attachments unless they are from a trusted source

3. Don’t download files from websites you don’t trust

4. Do your best to avoid giving out personal data

5. Don’t use USB or SD Card drives that you didn’t purchase yourself

6. Keep your software patched and updated, including security software

7. Utilize antivirus, firewall, and other security software

8. Use a virtual private network on public Wi-Fi

9. Backup your data onsite and in the cloud

10. Use a mail server with spam protection and content filtering software

But,  If You Do Get It…

The ten tips above will help you avoid getting ransomware, but all it takes is one time for the nightmare to happen. In the past 12 months, $380 million has been spent trying to buy back access to ransomware-infected files, computing systems, and servers. At COMPANYNAME, we are of the belief that there are no good reasons to buy back your data. In your haste to get control over your data, you may consider paying the extortion fee, but here are a few reasons why you shouldn’t:

● The attack might be fake

● You may not get all your data back

● The hackers could leave malware behind 

● You set a precedent that you will pay if attacked

● You are reinforcing the notion that hacking and scamming is profitable. 

In fact, there are some legislatures in the US that are looking to make paying scammers’ ransom illegal. Since multiple municipalities have already gotten ransomware and paid the fine, more hackers are targeting them. The U.S. Treasury has already stated that they are firmly against payments to any ongoing extortion, including ransomware; and, in some cases, doing so may be breaking the law.

If you would like more information about ransomware, or if you are looking to get a comprehensive backup and recovery platform in place to stay proactive against a possible ransomware attack, call the IT professionals at Jackson Thornton Technologies today at 334-834-7660.

 

Paying a Ransom Demand Could Get Even More Expensive

When it comes to ransomware, we have always stood firm in our recommendation not to pay whoever is responsible for locking down your systems. However, due to the globalized nature of technology and cybercrime, it is even more important that companies don’t attempt to placate their attackers with the demanded funds. Otherwise, warns the United States Treasury Department, these victimized businesses could very well pay severe fines for doing so.

What are the Costs of Ransomware?

Here’s the situation: in today’s increasingly connected world, cybercriminal activities can be conducted from essentially anywhere and target essentially anyone. It isn’t like the old-fashioned stick-‘em-up robbery, where the criminal had to be present to commit the crime. Now, someone in Portugal could presumably rob the Federal Credit Union of Poughkeepsie without getting up out of their poltrona.

One particularly effective tool that many cybercriminals will now use to do so is ransomware—a malware that encrypts a system and renders it effectively useless, only offering the user the means to pay the criminal responsible some fee in exchange for resumed access to their resources. Whether the cybercriminal holds up their end of the bargain is another, highly unlikely story.

As we’ve said, we recommend that you never pay these attackers… but we do understand why you may feel that is your best option. After all, it seems like the fastest way out of a bad situation and when your business is hemorrhaging money due to downtime, you’re going to want to fix the situation as quickly as possible. This is precisely what the cybercriminals are counting on.

Despite this, it really is a bad practice to pay for resumed access to your data for a number of reasons, not the least of which being the fact that you’ve no guarantee that your data will actually be returned and that the money you send will only fuel more attacks.

However, that’s just the start of your problems, should you elect to pay up.

Uncle Sam Wants to Dissuade Businesses with Different Tactics

To try and discourage ransom payments, the Treasury Department is doubling down on the advice that the Federal Bureau of Investigation has been giving for years. Rather than simply discouraging businesses from paying, the Treasury Department has warned that the federal government could severely fine the businesses that pay out these ransoms for violating terms laid out by the Treasury’s Office of Foreign Assets Control.

In their Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, OFAC outlines how many cybercriminal groups—including the North Korean Lazarus Group, the Russian cybercriminal syndicate Evil Corp, and individuals tied to SamSam and Cryptolocker—operate out of regions that are already subject to economic sanctions, or have had sanctions levied against them. These sanctions make it a crime to make any transactions with them…including ransomware payments.

After all, once that ransom is paid over, who’s to say that the money doesn’t wind up in the hands of some entity that poses a direct threat to security?

Unless given a special license by the Treasury, a business that facilitates ransomware by paying up could not only see losses in the amount of the exorbitant ransom demands, but also in the fines that could be levied up to millions of dollars.

Technically speaking, this advisory isn’t an outright ban on ransomware payments, per se. Instead, companies are encouraged to contact law enforcement to obtain clearance to pay the ransomware or to try to obtain an OFAC license to do so. However, these requests are more than likely to be denied.

There is also no telling how much these policies will be enforced, but it is almost certainly wiser to take them at face value and act accordingly.

Impact on the Insurance Industry

Adding to the complexity of the situation, this advisory flies directly counter to the advice that many insurance companies give their customers, as their advice is often to pay the ransom. The theory is that paying the ransom would ultimately be less expensive than recovering from a backup and undergoing the associated downtime—but ultimately adding to the growing ransomware problem.

These sanctions would effectively make it impossible for insurance companies to cover the costs that their policies guarantee, and it isn’t as though these companies will act in a way that violates these mandates.

Therefore, cyberinsurance policies will likely no longer include ransomware coverage. This may result in many businesses second-guessing if investing in insurance is worth the cost.

Regardless, for companies to protect themselves from the threat of ransomware, there needs to be a greater awareness of how to avoid the risks and the importance of doing so. This is especially the case right now as so many people are working remotely.

Ransomware attacks are commonly spread via phishing messages, often packaged in attachments or through disguised download links. Make sure your team members are all aware of this threat, and how they can better spot a phishing email as it comes in.

For more information on how to do so, and other security best practices and solutions, turn to us at Jackson Thornton Technologies. As a managed service provider, our mission is to help your business manage its information technology so that you can remain productive—which includes protecting it as best we can from a variety of threats. Learn more by giving us a call at 334-834-7660.

 

Hackers are Going Phishing for Your Money

When people talk about cybersecurity nowadays, there certainly seems to be a lot of emphasis put on phishing attacks and ransomware. This is for good reason. Not only can either of these attack vectors create significant difficulties for a business, they are often used in tandem. Let’s discuss why these threats are so potent, and why they so often show up together.

First, it will help to briefly review how each attack works.

How Ransomware Works

Imagine for a second the surprise you would have if you tried to log into your computer and you were presented with a message telling you that your files have been encrypted and that you need to pay $X in Bitcoin before the clock runs out or you will lose those files forever. Then you noticed the clock clicking down. Would you panic? You probably would. That is ransomware, a particularly ugly malware that could cost you everything. 

How Phishing Works

Do you ever get emails that seem to come in randomly from the government, your bank, or your insurance company? Do they want you to take action now and provide links or attachments to make that possible? The truth is most professional organizations that you depend on will never want you using email to do anything other than verify your identity. That means that the emails you get that say you have to act now to avoid going to jail for owing money are as fraudulent as they seem. 

These are phishing messages. They can come in through email, social media, or via SMS or phone call. Unfortunately for the modern user, they are constant, often sophisticated, and can be especially problematic if handled improperly.

Phishing + Ransomware = Major Trouble

Since today’s hackers can’t just hack their way into an account, they use social engineering tactics to do so. If they are able to expose their fraudulent message to someone that is less than vigilant, they may gain access to a computer (or worse yet a computing network), and then deploy their ransomware payload. Not a good situation for any individual; and, a major problem for any business. This is why it is essential that your staff understands phishing tactics and can spot fraudulent emails and messages when they come in. Let’s take a look at some telltale signs that you are dealing with a phishing message.

Identifying Phishing 

Phishing tactics are a lot more sophisticated than they were even a few short years ago, but they can’t do anything for the one variable that matters: legitimacy. Here are a few ways you can tell that you are dealing with a phishing attack.

● The details in the message are suspect - Many people don’t pay much attention to the email address an email is sent from, or if a word here or there, is misspelled. This is how phishing attacks get you. If you receive a message that has spelling or grammatical errors that you wouldn’t find in professional correspondence, you probably are dealing with a scam. You can also look at the email address itself or best yet, mouse over any links found in the text of the email. If it seems fishy, it’s probably phishing. Don’t click on it.

● The tone is desperate - One telltale sign that you are dealing with a phishing attack is that the message written to you seems urgent. No reputable financial institution or government entity is going to demand immediate action from an email. 

● There’s a link or an attachment - Using phishing to deploy ransomware (or any kind of malware), you will typically see an attachment or be asked to follow links in the message. If you have any question of the validity of the message, don’t click on a link or open an attachment. 

Cybersecurity is a constant process. If you would like help getting your staff trained or if you would like some information about other security tools you can use to keep your infrastructure and data safe, call the IT professionals at Jackson Thornton Technologies today at 334-834-7660.

 

Ransomware is Still a Major Threat

What is Ransomware?

Simply put, ransomware is malware that holds either files or entire drives ransom, until the perpetrator of the attack is paid via cryptocurrency. If the scammer isn’t paid in the time outlined, the data/drives are deleted, and if not properly backed up, lost forever. You can see how this can be a major problem for any business unfortunate enough to be victimized by ransomware. 

Ransomware has been around for quite a while, but over the past few years, with the availability of an alternate source of payment (cryptocurrency), ransomware attacks have been commonplace. As media attention surrounding these attacks has grown, businesses have started being more vigilant.

How Businesses Ward Off Ransomware

It’s not just the one thing that can keep ransomware from being a problem for your business, but there are a few actions that need to be taken to help avoid exposure to these nefarious strains of code. Let’s take a look at a few now:

1.Have a strategy for emails - Most ransomware attacks are sent through phishing emails. Make sure that you--and your staff--understands the best practices of dealing with emails and how to spot fraudulent messages. 

2.Have a backup strategy - Ransomware is a fabulous example of why organizations need to have offsite data backup in place. If your systems are hit by ransomware, having offsite backup in place will allow you to rest assured that your data remains unencrypted and available for use. 

3.Patch your security tools - One major problem with many organizations’ cybersecurity platforms is that the tools they rely on for network and data security aren’t always updated regularly. Keeping your antivirus and firewalls updated is a good practice regardless of the presence of ransomware. 

4.Never pay - There have been high-profile ransomware attacks where the victims pay the ransom. There is no guarantee that these scammers will unencrypt the files/drives or won’t leave other malware behind after they successfully extort you. 

Jackson Thornont Technologies is the trusted name when it comes to helping businesses utilize IT the right way. Our expert technicians can help you outfit your IT infrastructure with the tools you need to keep your network up, running, and free from downtime-causing malware. Call us today at 334-864-7660 to learn more.