Ransomware – Phishing for Cash

By Eric Noonan • June 8, 2016

According to a recent report by PhishMe, 93 percent of all phishing attacks contained encryption ransomware, up 56 percent from December of 2015. This growth can be attributed to the ease of sending ransomware via phishing emails that contain job applicant, billing, shipping, and invoice-related messages with seemingly harmless attachments.

Ransomware is a category of malware that prevents or limits users from accessing their system. Users are given the option to pay a “ransom” via online payment methods in order to regain access to their systems or recover their data. Ransomware can target home computers, endpoints in an enterprise network, or servers used by government organizations or private healthcare companies. Although the attackers promise the safe return of your data, there is no guarantee that paying up will restore your access.

There are two main types of ransomware: lockscreen and encryption. Lockscreen ransomware simply displays a full-screen message that locks your system and prevents you from navigating away or accessing your files. Encryption ransomware encrypts your existing files and then demands money to restore them.

A system infected with ransomware will typically alert users to the infection within hours, unlike other common cyber-attacks that remain undetected for months. Small to medium-sized organizations are particularly appealing prey for ransomware criminals, as these companies tend to pay up quickly to avoid the hassle of alternative methods of recovering data. Additionally, cyber culprits blackmail organizations by threatening to delete files at consistent intervals so that the victims pay the ransom faster.

How do you prevent your organization from becoming a ransomware victim? The most recommended approach is to have a reliable and secure backup system in place. Do not always trust the cloud for backup security: newer versions of ransomware have been able to access data shared there as well. In addition to having up-to-date anti-virus solutions installed on all systems, ensuring that all users within your organization have completed the latest security and awareness training is key, especially now that phishing has become the main source of ransomware attacks. Educate your employees to avoid opening emails and attachments from unknown addresses and to avoid clicking on suspicious links. If your organization needs direction in performing any of the above tasks, please contact any member of the CyberSheath staff. We are here to help you protect your valuable assets, big or small!
