By Jeffrey Chalkley, Information Security Program Analyst III
Ransomware and phishing are two of the most common cyber-attacks in the world today, yet they are also some of the most misunderstood. Phishing (pronounced “fishing”) is the practice of sending fraudulent emails that appear to come from organizations you may trust (such as banks, social media, email providers, even the IRS), then asking the recipient to reveal personal information such as passwords, bank account information or credit card numbers.
Ransomware is software that is downloaded or installed on a device and then asks the victim to pay a ransom in exchange for the return of stolen data or personal information. In essence, both cyber-attacks are a form of digital blackmail, which is why phishing ransomware attacks, which combine the two, are some of the nastiest threats to both personal and professional information.
Phishing ransomware attacks begin with what seems like a legitimate email, making it hard to identify as malicious. The email may look like it is from a familiar sender and is often personally addressed to the victim. These emails include attention-grabbing attachments or links and urge the victim to open a file or click on a link. Once the attachment or link has been opened, the scammer gains access to the data and the computer, and will distribute the malicious payload. Sometimes the attachment even looks legitimate, with a familiar company’s logo on the header, so the victim remains unsuspecting. If this happens to a computer attached to your business’s network, the infection can spread to other devices in the background until all of your computers and servers are no longer accessible and a ransom demand is displayed.
In March 2018, the creators of the SamSam ransomware launched an attack on the infrastructure of the city of Atlanta, Georgia. The attack affected many of the city’s essential municipal functions, including citizens’ ability to pay water bills or parking tickets. The ransom demand was $51,000 (unpaid), while the recovery costs were estimated at $17 million. Atlanta spent more than $5 million to rebuild its infrastructure after the ransomware attack.
How can you protect yourself and your business?
There are a few technical ways to protect your data.
First, keep your devices and programs updated. New exploits are found every day, and software companies often release updates to fix “Security Issues.” In fact, most of the big attacks that made the national news, such as WannaCry, could have been easily prevented, because they were only able to attack systems that were not up to date.
Another way to protect your data is to have a firewall and an anti-virus program installed and regularly updated. Modern anti-virus programs can warn you when you try to access a malicious website.
Finally, a major way to protect your data is to make regular backups, and store them offline and off-site. This is your fail-safe. No matter what goes wrong with your systems, you should always have a way of restoring your data.
Technology is not the only solution. Training yourself and your employees is essential to protect your assets. What good is another fancy lock on the door if your child will let in anyone who knocks?
Some of the best things you can do are easy:
- SLOW DOWN! Think before you click or take action. Scammers use the sense of urgency to get you to follow their instructions.
- Look at what you are clicking on. Hover your mouse pointer over hyperlinks in email messages on a computer to display the real URL.
- Get a second opinion if something doesn’t feel right. Don’t be afraid to ask your trusted coworkers if the email doesn’t seem right.