Ransomware Beware
Ransomware is a hot topic in the business world today. Organizations continue to fall victim to hackers who send unsolicited phishing emails to employees. A successful attack results in every file the employee has access to being copied and encrypted, and the original copies being deleted. As a result, the only way to get the data back is to pay the ransom, or at least that’s what the hacker claims. There’s no guarantee the data will ever be decrypted, and there’s no guarantee the hacker will not ask for more money once the first ransom is paid.
Some companies rely on their backups to overcome ransomware attacks. If the data is backed up, the last backup can restore the data to its previous state. That can solve the problem, but every time there is another ransomware attack, companies are just relying on their backups to save their data. This is just a Band-Aid fix.
So how do you reduce your chances of a ransomware attack?
There are two ways malicious actors get access through phishing:
- Through a link that sends the employee to a malicious page that requires credentials for login. The login page is masked with a legitimate website skin to make it look real. On that page, the user's credentials are submitted over HTTP and are accessible to the email sender. Once the malicious actor has the credentials, they log in and upload the encryption software, which starts the copying and encryption process.
- Through a file attachment that, when downloaded, starts the copying and encryption process.
Let’s focus on Option 1 – The Link
If you train your employees to follow these basic checks, you will drastically decrease the chances of falling victim to ransomware.
- If the URL is http, do not enter your credentials and delete the email.
- Hover over the hyperlink in the email and look at the URL displayed for that link in the bottom left-hand side of the email window. If the URL is not the same as the normal URL, then it is a phishing attempt.
- Although not the best or recommended practice, you can copy the link from the hyperlink and paste it in the browser to see if it is legitimate.
Unfortunately, relying on employees is not bulletproof, so how do you protect against ransomware if someone gets access to your environment? Stay tuned for the next blog where I discuss “How to set up access control permissions to your sensitive data”!
Tim Connell
As Head of Enterprise Products for Pulsar Security, he guides the team in creating solutions which satisfy the needs of real-world customers, specializing in the areas of data management, storage network visibility, and enterprise security. Tim holds technical certifications as an Offensive Security Certified Professional (OSCP), CompTIA Network+, CompTIA Security+, GIAC Penetration Tester (GPEN), GIAC Web App Penetration Tester (GWAPT), and GIAC Python Coder (GPYC).