The Wanna Decryptor (aka “WannaCry”) ransomware strain that surfaced over the past couple of weeks, and quickly gained momentum globally, serves as a harsh reminder of the troubles businesses face when putting basic security best practices on the back burner. With software solutions available to handle everything from patch management to more complex functions—such as those outlined in the THWACK® article “Ransomware Wannacry? Not Me. Here’s Why”—businesses are certainly able to bolster their IT security defenses. However, what they all too often fail to account for are the threats coming from within—those enabled by their own employees.
Ransomware: what’s the big deal?
Ransomware is a type of malicious software that infects a computer and restricts users’ access to files through encryption until a ransom is paid to unlock and release the data. Losing personal files, photos, etc., is bad enough; for a business whose data may be its only lifeline, the impact is far worse. If the data rendered inaccessible is highly valuable, those hit by ransomware will fork over a hefty fee to regain its use.
An article published by Forbes reports that ransomware attacks in 2016 grew by “more than 167 times” compared to the previous year—there were 3.2 million ransomware attacks in 2015 and 638 million in 2016. What’s more, it is estimated that a total of around “$209 million in ransoms were paid in the first quarter of 2016 alone.”
How hackers are finding an in
Spurring the increase in ransomware attacks is ease of execution. A primary attack vector for ransomware is among the most commonly used resources within today’s business setting: email. Phishing scams, which plant the seed for infiltrating a network, are a volume play. They hinge on a bet that someone among the masses will make a false move and click away with no regard for the consequences. That’s why it is imperative for businesses to educate their employees on how to spot the common characteristics of such attempts and avoid ransomware attacks altogether.
Tips to combat the threats enabled from within:
- Do not trust the email display name. A favorite phishing tactic among cybercriminals is to spoof the display name of an email. This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. Do not trust the display name. If it looks suspicious, don’t open the email.
- Look, but do not click. Hover your mouse over any links embedded in the body of the email. If the link address looks strange or you do not recognize it, don’t click on it.
- Check for spelling mistakes. Brands are very serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.
- Do not give up personal information. Legitimate companies and financial institutions will never ask for personal credentials via email. Don’t give them up. EVER!
- Beware of urgent or threatening language in the subject line. Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that include threatening language.
- Do not believe everything you see. Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it is legitimate. Be skeptical when it comes to your email messages. If it looks even remotely suspicious, don’t open it.
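A small checker, added here as an example and not code from the original post, that automates the first two tips: it flags a display name that claims a known brand while the actual sender address uses a different domain, and link text that shows one host while the href points somewhere else. The brand-to-domain table, the sample message and the function names are constructed for this example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (hypothetical): brands users expect mail from, and the domain each really uses.
KNOWN_SENDERS = {"example bank": "example-bank.test", "it helpdesk": "corp.example"}

# Constructed sample phishing message exercising both tips (not a real capture).
SAMPLE_MESSAGE = (
    "From: Example Bank Security <alerts@secure-login.example.net>\n"
    "To: employee@corp.example\n"
    "Subject: URGENT: your account will be locked today\n"
    "Content-Type: text/html\n\n"
    '<p>Please <a href="http://secure-login.example.net/verify">'
    "https://www.example-bank.test/login</a> within 24 hours.</p>\n"
)

# Simplified anchor extraction; a real mail gateway should use a proper HTML parser.
ANCHOR_RE = re.compile(r'<a\s[^>]*href\s*=\s*"([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def registered_domain(host):
    """Last two labels of a host name (crude; no public-suffix list)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def phishing_indicators(raw_message):
    """Return warnings for a spoofed display name and for link text that hides its target."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, addr = parseaddr(msg.get("From", ""))
    addr_domain = registered_domain(addr.rpartition("@")[2])
    warnings = []
    # Tip 1: the display name claims a known brand, but the real address domain differs.
    for brand, expected in KNOWN_SENDERS.items():
        if brand in display.lower() and addr_domain != expected:
            warnings.append(f"display name '{display}' but sender domain is '{addr_domain}'")
    # Tip 2: the visible link text names one host while the href goes to another.
    body = msg.get_body(preferencelist=("html",))
    for href, text in ANCHOR_RE.findall(body.get_content() if body is not None else ""):
        text = re.sub(r"<[^>]+>", "", text).strip()  # drop nested tags, keep visible text
        if "." in text and " " not in text:  # the visible text is itself a URL or host name
            text_host = urlparse(text if "://" in text else "http://" + text).hostname or ""
            href_host = urlparse(href).hostname or ""
            if registered_domain(text_host) != registered_domain(href_host):
                warnings.append(f"link text '{text}' actually points to '{href_host}'")
    return warnings

if __name__ == "__main__":
    for warning in phishing_indicators(SAMPLE_MESSAGE):
        print("WARNING:", warning)
```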
Aside from arming your business with the right tools to spot anomalous activity on the network and shut it down, IT security can simply start with education. Teach your employees how to stay safe online and you’ll be better for it.
Special thanks to Eric Quitugua, Information Security Manager at SolarWinds, for his contributions to this post.