What is ransomware?
Ransomware is an attack that encrypts files on your computer and asks for a monetary ransom to release the encrypted files or provide the encryption fee. We have seen several attacks on large corporations and cities in the news recently (Garmin, City of New Orleans) but have also experienced attacks on small-medium businesses and local schools. Ransomware is an equal opportunity threat.
Current threats/trends:
- Ransomware is up 20%
- Ransomware is using COVID as a way to disguise attacks. This may include emails asking for personal information to process PPP loans, view your COVID test results or provide COVID contact tracing.
- Microsoft Office files have surpassed PDF files as a top threat. This means that Microsoft Word, Excel and other files (including PDFs) should be opened with caution: only open them if you are expecting that type of file from that user. When in doubt, contact the sender directly and ask if they meant to send the Word or Excel file. You should also hover over the sender information and make sure the sender name (John Doe) matches the sender email address (john.doe@email.com).
- Ransomware players are using new, trendy ways to communicate with victims. A new ransomware called “Ada Covid” is using WhatsApp to request ransom and provide directions.
General Recommendations
- Train your staff to read emails with caution: hover over links before clicking, check the sender information, have secure ways to share information outside of emails (for payroll, ACH, etc.)
- Consider using a security service to test your users for email and phishing knowledge – ITS can send bogus emails and track which users click and provide the requested information through the phishing link. This will help you know how savvy your users are and develop future training opportunities.
- Consider using a link protection service – we use a product through Sonicwall for our ITS email. Sonicwall opens and inspects each link we click in an email, and refuses to provide the connection if the link leads somewhere spammy or unsafe. A similar service keeps us safe from file attachments.
- Setup an external sender policy to help your users spot phishing attempts – when an email comes from outside of your domain, a message or tag is attached to warn your users that it came from offsite. This helps with emails that are designed to look like they came from a company administrator, but actually came from a cyber criminal. (like those emails requesting payroll information or gift cards)
- Use an antivirus software and keep it up-to-date
- Make sure your Windows devices are up-to-date – Windows 7 and Windows Server 2008 are no longer under support.
- Use a firewall and modern connection protocols to keep remote users connected safely to your servers and resources. Or, consider a cloud-hosted model to make remote work even more efficient!
Do you have questions about any of the threats listed, or are you interested in learning more about protecting your users and network? Contact ITS for more information on our security solutions!
Download the full report: https://www.sonicwall.com/2020-cyber-threat-report/