Ransomware threats continue to grow in 2019 as cybercriminals become sneakier and more targeted in their efforts, which means only organizations that are continuously proactive in maintaining security may come away unscathed. Consider the latest:
- The group behind the Dharma ransomware is now bundling it inside a fake antivirus software installation. Phishing emails that reportedly come from Microsoft claim the victim's Windows PC is "at risk" and urge the user to click on a link to update their antivirus. Once that link is activated, the ransomware encrypts files in the background while the user completes the antivirus installation process.
- There have been nearly two dozen ransomware attacks on local governments, law enforcement agencies, and universities in 2019. Only about 17 percent of local governments pay a ransom to the attacker, but such malicious activity still pays off for cybercriminals. One reason is that even if cybercriminals were not targeting an organization specifically, once they gain access they can determine whether it's worth asking for a ransom. A second reason is that they can sell access to an already compromised and valuable system to other cybercriminals for $10 to $15.
- Monitor vulnerable periods. Cybercriminals seek to maximize opportunity and so will carry out phases of their attacks on different days of the week. Security Boulevard finds that "pre-compromise" traffic is about three times as likely to happen during the work week, probably because phishing attacks require someone to click on a bad email, while "post-compromise" traffic is less evident. Command-and-control activity can happen at any time. "Differentiating between weekday and weekend Web filtering practices is important to fully understand the kill chain of various attacks," Security Boulevard’s report says. It also advises being aware of what ransomware is targeting, such as geography and various vulnerabilities, since ransomware is a "game of choice" rather than a "game of chance."
- Teach employees to be suspicious. When training employees to avoid phishing emails, urge them to think about whether it makes sense to be receiving an email from UPS, for example, when they're not expecting a package. "Or if you receive an email that appears to be from someone in your contact list that you haven’t talked to in years and the message doesn’t make sense, don’t open the attachment," advises Gregory Zolkos, president and CEO of Atlas Professional Services. A Google survey finds that only 60 percent of respondents know what "phishing" means.
- Know that malicious software looks legitimate. More than 3,800 malware samples were signed with valid certificates from well-known certificate authorities, researchers from Chronicle find. While more signed malware is expected, the good news is that "Certificate authorities are actively revoking certificates from malware executables that are identified in the wild," Chronicle reports.
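
To make the "Monitor vulnerable periods" advice concrete, here is an added Python example (not from the original article or from Security Boulevard's report) that compares weekday and weekend web-filter hits per calendar day for pre-compromise and post-compromise categories. The summary format, the category names, the phase mapping and the sample data are all assumptions constructed for illustration.

```python
from collections import Counter
from datetime import date, timedelta

# Assumed mapping from web-filter category to kill-chain phase (hypothetical names).
PHASE = {"phishing": "pre", "malicious-site": "pre", "c2": "post"}

# Constructed daily web-filter summary: date, blocked category, hit count.
# 2019-06-03 is a Monday; 2019-06-08 and 2019-06-09 are the weekend.
SAMPLE = """\
2019-06-03 phishing 4
2019-06-04 phishing 4
2019-06-05 malicious-site 3
2019-06-07 phishing 4
2019-06-08 phishing 2
2019-06-03 c2 2
2019-06-06 c2 3
2019-06-09 c2 2
"""

def bucket(day):
    return "weekend" if day.weekday() >= 5 else "weekday"

def daily_rates(text):
    """Return {(phase, bucket): mean hits per calendar day in that bucket}."""
    hits, seen = Counter(), []
    for line in text.splitlines():
        fields = line.split()
        try:
            day, count = date.fromisoformat(fields[0]), int(fields[2])
        except (IndexError, ValueError):
            continue  # skip blank or malformed lines
        seen.append(day)
        if fields[1] in PHASE:
            hits[PHASE[fields[1]], bucket(day)] += count
    if not seen:
        return {}
    # Count every calendar day in the observed range, so quiet days
    # (no hits at all) still pull the average down.
    days, day = Counter(), min(seen)
    while day <= max(seen):
        days[bucket(day)] += 1
        day += timedelta(days=1)
    return {(p, b): hits[p, b] / days[b]
            for p in set(PHASE.values()) for b in days}

def weekday_weekend_ratio(rates, phase):
    """Weekday/weekend ratio of daily hits; None when the weekend rate is zero."""
    weekend = rates.get((phase, "weekend"), 0.0)
    return rates.get((phase, "weekday"), 0.0) / weekend if weekend else None
```

Dividing by the number of calendar days matters because a week has five weekdays and only two weekend days, so raw totals overstate any weekday skew.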