Ransomware Shouldn’t Cost You a Thing
If fortune smiles on your company, you won’t ever have to deal with what we are about to discuss: ransomware. For the past several years, ransomware has been a major issue for businesses, governments, and individuals. Today, we will talk about ransomware, the different strategies surrounding it, and how some people want to put a ban on ransomware payments.
Common Types of Ransomware
As with most cyberthreats, ransomware keeps mutating, flooding the market with all types of dangerous malware. It can often be difficult to keep track of the threats. One thing is for certain: ransomware often relies on similar tactics to ultimately hold the data hostage. Let’s quickly take a look at five of the most common types of ransomware right now:
● Cerber - Cerber targets Microsoft 365 users through the use of an elaborate phishing campaign.
● CryptoLocker - One of the most famous ransomware strains. What circulates now is just a copy of the original, which was shut down back in 2014.
● CryLocker - CryLocker displays a personalized ransom note, using the encrypted files on a person’s computer or server. This ransomware locks a person out of their computer entirely.
● Locky - Spread through phishing, this ransomware instructs users to enable macros to read the message. Once that’s complete, the malware will start encrypting files and demanding a ransom.
● Jigsaw - One of the worst of a bad lot. When triggered, Jigsaw will delete one or more files every hour for 72 hours. If the ransom hasn’t been paid when the 72-hour window is up, all the files are deleted.
Steps You Should Take
No business can afford to have their data encrypted, deleted, or worse. Fortunately, there are things you can do to avoid it. Let’s take a look at 10 steps that users can take to avoid dealing with any of the above threats.
1. Never click on unverified links
2. Do not open email attachments unless they are from a trusted source
3. Don’t download files from websites you don’t trust
4. Do your best to avoid giving out personal data
5. Don’t use USB or SD Card drives that you didn’t purchase yourself
6. Keep your software patched and updated, including security software
7. Utilize antivirus, firewall, and other security software
8. Use a virtual private network on public Wi-Fi
9. Back up your data onsite and in the cloud
10. Use a mail server with spam protection and content filtering software
But, If You Do Get It…
The ten tips above will help you avoid getting ransomware, but all it takes is one time for the nightmare to happen. In the past 12 months, $380 million has been spent trying to buy back access to ransomware-infected files, computing systems, and servers. At Jackson Thornton Technologies, we are of the belief that there are no good reasons to buy back your data. In your haste to get control over your data, you may consider paying the extortion fee, but here are a few reasons why you shouldn’t:
● The attack might be fake
● You may not get all your data back
● The hackers could leave malware behind
● You set a precedent that you will pay if attacked
● You are reinforcing the notion that hacking and scamming is profitable.
In fact, there are some legislatures in the US that are looking to make paying scammers’ ransom illegal. Since multiple municipalities have already gotten ransomware and paid the ransom, more hackers are targeting them. The U.S. Treasury has already stated that it is firmly against payments to any ongoing extortion, including ransomware; and, in some cases, making such a payment may be breaking the law.
If you would like more information about ransomware, or if you are looking to get a comprehensive backup and recovery platform in place to stay proactive against a possible ransomware attack, call the IT professionals at Jackson Thornton Technologies today at 334-834-7660.
COVID-19 Pandemic Exacerbating Cyberthreats
Keeping your network and infrastructure free from threats is always a priority, but with so many people working remotely, businesses have encountered problems doing so. In fact, hackers and scammers have come out of the woodwork to try to gain unauthorized entry into networks or to flat-out steal data. This month, we thought we would take a look at how the COVID-19 pandemic has exacerbated the threats out there.
A lot of people are working remotely. In fact, one study showed that 58 percent of all knowledge workers--which are workers that deal in information--are now working remotely. With so many people being asked to work remotely, and no time to plan out a strategy to get them secured, many employees are working with unsecured access to company resources. In fact, unsecured remote desktops have risen by over 40 percent. This is a major concern, because cybercriminals can use brute force methods to gain access to a desktop. If that desktop is part of a larger computing network, they gain access to that as well. Not a good situation.
Speaking of Brute Force Attacks
With so many unsecured connections out there, brute force attacks are up nearly 400 percent over numbers in 2019. Kaspersky published a report stating as much, and it really isn’t a surprise. IT administrators were given very little or no advance notice that they were to implement all the services employees would need. This created the current situation where there are many problems securing authentication points and keeping software effectively updated.
There Is Not Just One Virus Going Around
Hackers and scammers are using COVID-19, and the fact people are almost universally concerned about it in one fashion or another, to overcome people’s cyber awareness. This was seen almost immediately as COVID-19-related phishing attacks were deployed en masse. In fact, in April of 2020, there were nearly 70 times more COVID-19-related phishing attacks than the previous month.
Success Rates for Hackers are Improving
Since people are constantly accessing Internet-based resources, and are getting messages from all over, many people are less deliberate in their ongoing scrutiny of incoming emails, the predominant vector through which phishing attacks arrive. The truth is that people were the weakest link in a company’s cybersecurity platform before the pandemic, but that pales in comparison to how much of a liability some are today without constant oversight.
COVID-19 is a Field Day for Scammers
As mentioned earlier and understood by many security-minded people out there, hackers are opportunists. A global pandemic is just the kind of situation that hackers look to take advantage of; and they have. There are literally billions of COVID-19 pages up on the Internet, so ascertaining which are legitimate and which are nefarious is going to be difficult. Additionally, thousands of domains are added each day, of which 90 percent are scams. Not a good look for humanity when the largest health crisis in decades is met with people trying to steal money and data from others.
A Change in Perspective is Needed
Technology’s job is to support the way people work, and with today’s strategies in place, more attacks are resulting in more breaches. This is largely because -- even with a sharp change in strategy -- companies are still trusting their users to do the right thing. They know that most of them will, and some won’t. The only way to get ahead during these uncertain times is to move to a zero trust strategy.
That’s not to say that users aren’t still going to have to do the right things, but under the zero trust model, the user is allowed to access their work regardless of where they are or what machine they are using. It’s less critical because instead of monitoring user behavior the zero trust model relies on the constant monitoring of the machines being used. Zero trust strategies constantly interrogate the network signal, the machine they are on, the data that is being transmitted, and the health of the software that is being used. If something is off, it is noticed and remediated immediately.
In the new zero trust perspective, risk is managed on a case-by-case basis, and that level of hyper awareness will go a long way toward mitigating further risk. During the COVID-19 pandemic, scammers have run rampant, video conferencing has been hijacked, phishing emails are more common and intricate than ever, but they don’t have to hurt your business. None of these circumstances matter when you seal up your network in a way where the most risk is mitigated.
If you would like to know more about how the COVID-19 pandemic has affected business and technology, or you would like to learn more about zero trust strategies and how to coordinate your business’ cybersecurity initiatives to give your newly remote workforce the best chance to help your business grow and prosper, call the IT professionals at Jackson Thornton Technologies today at 334-834-7760.
When the People You Trust Phish You
Having success in business often relies on developing trustworthy relationships. You have to trust your vendors and suppliers to get you the resources you need, you need to trust your staff to complete their tasks without putting your business in harm's way, and you need to trust your customers to buy the products and services that you offer. Running counter to these necessary bonds of trust are people actively soliciting people’s time, energy, money, and attention for their own selfish purposes.
Cybercriminals don’t care what kind of good will you’ve forged; all they want is your data or access to your network. This blind determination is a major threat to businesses like yours. One of the most prevalent scams is what is called a Display Name Spoof. It isn’t just your regular phishing scam, and today, we’re going to teach you everything you need to know to ensure that you aren’t a cybercriminal’s next victim.
What is Display Name Spoofing?
Display name spoofing is a spear phishing tactic where hackers target an individual, typically one who has access to the network or resources that the hacker wants, and send them a vaguely worded email that is seemingly sent from a trusted source, often an authority figure. Since the display name and title look legitimate, subordinates who forsake security for alacrity can put your whole business in jeopardy.
It works like this: Many professional emails will have a signature. Display name spoofers use this to their advantage. What they will do is target a person, research them to find someone that could potentially get them to act impulsively, and use that information to phish the user. Below is an example of a display name spoof phishing attempt:
As you can see, the only thing that looks illegitimate here is the actual email address and since some email clients don’t actually show the address by default, you wouldn’t blame a dutiful employee for following the instructions in the spoofed email.
What Can You Do to Combat Display Name Spoofing?
At your business, you have cameras. You have locks on the doors. You’ve developed secure access control procedures to ensure your employees have the authorizations they need to do their jobs. Why would your strategy change when aiming to protect your business’ most important asset?
Just like with physical security, you need a strategy to protect your digital assets. Part of that strategy has to confront the fact that your business is going to get phished and that it is your responsibility to ensure that your employees are well trained, and therefore knowledgeable about how to identify and respond to these situations.
Here are a few tips on how to ascertain if a message is legitimate:
● Thoroughly inspect both the name and sender’s email address before you take action.
● Check the content for misspellings or completely incorrect uses of grammar.
● Consider if the sender would send a message asking you to take cavalier action.
● Consider if the sender would ask you to send them authorization credentials through email.
If there is any reason that the recipient has a notion that the email is not legitimate, implore them to verify. Getting a verification of the email’s legitimacy typically takes minutes and can really help eliminate the risks that display name spoofing can bring to your business.
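The first tip above, comparing the display name with the actual sender address, can also be enforced by a mail filter. The following Python is an added example, not part of the original article; the directory entry "Dana Whitfield" and the example.com and mail-example.net domains are constructed for illustration.

```python
import unicodedata
from email import message_from_string, policy

# Assumption: a directory of people whose names are worth protecting,
# mapped to the one address each of them really sends from.
DIRECTORY = {"Dana Whitfield": "dana.whitfield@example.com"}

def name_key(name):
    """Fold case, Unicode compatibility forms, punctuation and word order,
    so 'Whitfield, Dana' and 'DANA  WHITFIELD' compare equal.
    (NFKC does not fold cross-script lookalikes such as Cyrillic letters.)"""
    folded = unicodedata.normalize("NFKC", name).casefold()
    words = "".join(c if c.isalnum() else " " for c in folded).split()
    return tuple(sorted(words))

PROTECTED = {name_key(n): a.lower() for n, a in DIRECTORY.items()}

def check_from(raw_message):
    """Classify one message as 'ok', 'spoofed-display-name' or 'unparseable'."""
    # policy.default decodes RFC 2047 encoded display names for us.
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or len(header.addresses) != 1:
        return "unparseable"
    sender = header.addresses[0]
    expected = PROTECTED.get(name_key(sender.display_name))
    # A protected name on any other address is the spoof described above.
    if expected and sender.addr_spec.lower() != expected:
        return "spoofed-display-name"
    return "ok"

# Constructed sample messages (not real mail).
SAMPLES = [
    'From: Dana Whitfield <dana.whitfield@example.com>\nSubject: Q3\n\nHi',
    'From: "Dana Whitfield" <dwhitfield.ceo@mail-example.net>\n'
    'Subject: Urgent request\n\nAre you at your desk?',
    'From: "Whitfield, Dana" <ceo.office@mail-example.net>\n'
    'Subject: Quick favor\n\nNeed this handled today.',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_from(raw), "<-", raw.splitlines()[0])
```

A match is a reason to quarantine or tag the message for the verification step described above, not proof of malice, since people do share names.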
If you need help understanding how to identify phishing tactics, training your employees to do the same, and knowing what steps to take when you realize you are dealing with a phishing attack, contact the IT professionals at Jackson Thornton Technologies today at 334-834-7660.