In June of 2019, the City of Lake City, FL paid $460,000 to a ransomware attacker to regain control over their email and two other servers that had been taken down by ransomware.
This scenario is becoming all too familiar to businesses and government agencies throughout the country that suffer from ransomware infections that render their files unusable, taking down vital services needed to operate.
The number of ransomware attacks has doubled in 2019.
With each successful ransom demand, hackers are emboldened to attack new targets. And while the FBI recommends against paying a ransom for that reason, many organizations find they have no choice.
Businesses pay ransoms because they either don’t have a full backup of their data to fall back on, or they need operations restored as fast as possible and their restoration process might be complex to undertake after a virus removal.
Companies often employ network security tools, such as next-generation firewalls and anti-malware software, to help combat ransomware, but they may be overlooking an important part of any strong defense: security awareness training for their users.
Phishing Emails are the Main Delivery Method for Ransomware
71.4% of targeted attacks involve the use of spear-phishing, which is phishing aimed at a specific organization, department, or user. And 66% of all malware, including ransomware, is installed from opening a malicious email attachment.
The fact is that ransomware, much like other forms of malware, targets the user through sophisticated phishing emails, malicious mobile apps, or social phishing, and needs the everyday person to do something to let the ransomware in.
That required action may be clicking a link to a site with a drive-by download, opening an email attachment they shouldn’t, or clicking on a social media link without thinking. But without that interaction, the ransomware can’t infect a device or network.
This often puts the power of stopping ransomware into the hands of the end user, and employees who are properly prepared through security awareness training can often avoid falling victim to ransomware attacks.
Training Your Employees on Security Awareness
Studies show that training employees on security awareness when it comes to data handling and technology can decrease incidents of ransomware and other malware infections as well as reduce losses associated with cybersecurity incidents.
According to the U.S. State of Cybercrime Survey, security awareness training of employees both helped deter attacks and reduced security-related losses by over 320%.
Following are some of the common ways that everyone can safeguard themselves from falling victim to a ransomware attack that can infect their computer and network.
Always Hover Over Email Links Before Clicking
It’s getting much harder to spot a phishing email right away. No longer do they typically have misspelled words and blurry images. Today, they’re designed to look identical to an email from a legitimate company even down to their logo and signature.
But one simple way to spot them is to hover over any hyperlinks in the email before you click on them. Hovering reveals the true URL, which is generally a dead giveaway that it’s not from a legitimate source.
Don’t Trust Emails Just Because They’re Personalized
With so much information online for the grabbing, it’s easier than ever for hackers to use an algorithm that inserts your name, title, or company into an email to try to get you to trust it.
They’ll also often send a spoofed email that is seemingly from a colleague with something like “check out this report” that has a malicious file attachment. All it takes is for them to go on LinkedIn and they can grab multiple names and titles for any specific company.
Don’t trust an email just because it has personally identifiable information. Always view unusual or unexpected emails with a suspicious eye.
Don’t Assume Mobile Devices are Safe
There are now more Google searches being done from mobile devices than desktops, and mobile phones are also taking over more of the workload at offices. As users have moved to rely more on mobile, hackers have followed them.
Last year, mobile ransomware infections increased 33%.
Users need to be aware that opening a dangerous attachment on a mobile device is no safer than on a desktop. You can still suffer a ransomware attack that scrambles all the data on your smartphone and travels through the network to reach others.
Also be aware of any apps you download and double check their developer. Fake apps are another way ransomware is delivered to mobile devices.
Disable Auto-run Macros in Microsoft Office
Most users have become savvy enough to avoid opening email attachments with unusual file types like .exe or .tar, yet they still trust a Word or Excel document.
MS Office documents have become the most used file type for spreading malware via email attachment. They’re able to execute code by use of macros that can autorun when you open a document… UNLESS you have that macro setting disabled so it won’t run upon file open.
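Alongside the macro setting, a mail filter or helpdesk script can check whether an Office attachment contains macros before anyone opens it. This added example is not from the original article and goes beyond the setting it describes: it inspects raw attachment bytes, and the sample packages are constructed stand-ins rather than real documents.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"

def classify_office_attachment(data):
    """Return 'ooxml-with-macros', 'ooxml-no-macros', 'legacy-ole' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Binary formats keep macros inside the OLE container; this sketch
        # does not parse it, so the file cannot be cleared here.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"  # a plain zip, not an Office package
        # The file extension is ignored: a macro project is recognised by its
        # part name or by the content type the package declares.
        has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
        declares_vba = VBA_CONTENT_TYPE in zf.read("[Content_Types].xml")
    return "ooxml-with-macros" if has_vba_part or declares_vba else "ooxml-no-macros"

def build_package(parts):
    """Build a constructed, minimal Office-style zip in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples: only the parts the check looks at, not real documents.
PLAIN_DOCX = build_package({
    "[Content_Types].xml": "<Types/>",
    "word/document.xml": "<w:document/>",
})
MACRO_DOCM = build_package({
    "[Content_Types].xml": '<Types><Override ContentType="application/vnd.ms-office.vbaProject"/></Types>',
    "word/document.xml": "<w:document/>",
    "word/vbaProject.bin": b"\x00",
})
```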
Be Aware of Social Phishing
With the rise of social media, social phishing has become an offshoot form of delivering ransomware and other malicious code. These can come in the form of direct messages or posts with dangerous links that come from a friend’s hacked account, making you think it’s from them.
Employ the same “hover before you click” method and skepticism with social media posts and direct messages as they’re increasingly being used for malware and ransomware delivery.
Safeguard Yourself Against Ransomware with Proper Training
Ongoing security awareness training goes a long way towards protecting your business and individual device from a ransomware infection. Get started with a comprehensive program by contacting C Solutions! We’ll help you stay on top of cybersecurity awareness so your team can be prepared for anything.
Schedule a free consultation today! Call 407-536-8381 or reach us online.