In honor of October being cyber security month, we are taking a look at some basic scams used by fraudsters who want to target you. Last week we talked about how to avoid the bait in phishing and spear phishing scams. This week we are going to learn how criminals use those phishing emails to launch ransomware attacks.
Ransomware is a form of malicious software that targets your data. These attacks can affect individuals, businesses, cities and counties, government agencies, hospitals, schools, and more.
Scammers will often send ransomware through email phishing campaigns. Once anyone on your network clicks on an infected file or link, the fraudster can have access to all of your devices and data. He encrypts the system, effectively locking you out. The attacker promises to decrypt your information if you pay up, usually by virtual currency. Unfortunately, there is no way to guarantee that the cybercriminal will unlock your data it if you pay.
Beyond the cost of the ransom, you risk loss of productivity, legal fees, and the need to purchase credit-monitoring services for employees and customers. Even if you manage to get your system back up online, it is likely that the attacker left other malware hidden on your system – requiring a remediation team to completely wipe the computers and restore everything from clean, off-line backups.
So what can be done to avoid becoming the next victim of a ransomware attack?
One of the most important things you can do is educate yourself, and, for companies, your employees. Learn how to spot and avoid phishing lures.
Make sure you are backing up your data often and that you are backing it up to an off-line source. Ransomware attacks can move quickly – infecting any connected device or on-line storage account. Your back-ups must be segregated and off-line from normal operations.
Make sure that all devices on your network are using the most current and patched versions of operating systems and applications (including email software, web browsers and software packages).
Keep your anti-malware software up-to-date.
If you get a pop-up or other message that says you are infected, disconnect the device from the internet and your network immediately to try to prevent the spread.
Finally, call the FBI right away. If we are called in early enough, we can sometimes assist with remediation.
In the end, the FBI recommends that victims NOT pay a hacker’s ransom demand. The payment only further encourages more criminal activity, and, even if you do pay, there is no guarantee that the hacker will unlock your data.
And remember, if you have been the victim of a ransomware attack, or any other online fraud, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office.