Ransomware: Pervasive Threats - Part 2 of 3
Part 2 of our series describes some of the most common dangers associated with online data, as well as suggestions to recognize and mitigate them.
Once ransomware takes hold of a single computer or entire network, users can no longer access their computers, or the information stored there. A message appears onscreen demanding a hefty payment to restore system functionality. Failure to pay, the message notes, will result in data destruction.
While ransomware continues to serve as a popular, effective tool for cybercriminals, it’s impossible to state with certainty how frequently ransomware is used. The reason: Many ransomware victims simply make the payment and, fearing negative press, never report the incident. We’ve no way of knowing how many organizations have paid ransoms only to lose their data as well, though security analysts observe this occurs commonly.1
It is estimated that paid ransom amounts exceeded $7.5 billion in the United States alone.2 At least one cybersecurity analyst forecasts that by the year 2021 a new business will be victimized by ransomware every 11 seconds.3
Phishing: Recognize and Mitigate
Whatever your current cybersecurity status, you and your staff could probably use more education and frequent reminders about cybercrime. The reason? Chances are good that once a breach vector is introduced into your work environment, you or anyone with online access will click on a fateful link, open an infected attachment or trigger ransomware.
Three of the most commonly used methods for introducing a breach to a network are based in phishing techniques. They include emails, attachments and links, especially those that incorporate counterfeit or “spoofed” URLs. Analysts note that phishing is a source of more than 80 percent of all reported security hacks.4
Questionable email integrity
Most of us are aware of email hacks. You may have seen a colleague’s email address hijacked or spoofed in order to elicit a feeling of trust and familiarity. If there are any doubts, speak with (don’t email) the sender to verify the communication’s validity. Of course, the process adds extra time to the workday, but it’s still not as inconvenient as undergoing a cyber attack. If employees receive an email from an unknown source, they should consider deleting it.
Perhaps a particular email appears safe. Even so, links and attachments in the message may still serve as delivery mechanisms for malware, ransomware and wholesale theft. Here are some ways to avoid initiating a security catastrophe.
Beware of attachments
If an email includes an attachment, be certain of the file’s source. Contact the sender to double-check his/her identity and the purpose of the email. If you open the attached file, do not enable editing or macros. Close it and bring it to the attention of your IT department.
Here’s the problem: A malevolent Excel or Word file with embedded macros often gets past antivirus screening. Opening and editing the file can trigger a string of malicious code that executes some form of attack.
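Because macro-bearing files can pass antivirus screening, a mail gateway or help desk can also triage attachments by content rather than by file name. The following is an added example, not part of the original article: it assumes the conventional part name `vbaProject.bin` for the VBA project in Office Open XML files, and the function names and sample attachments are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container

def macro_verdict(data):
    """Classify attachment bytes by content, ignoring the file name and extension."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary formats can hold VBA; confirming it needs an OLE stream parser.
        return "legacy-ole-review"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as pkg:
            parts = [n.lower() for n in pkg.namelist()]
    except zipfile.BadZipFile:
        return "not-office"
    if "[content_types].xml" not in parts:
        return "not-office"  # a ZIP archive, but not an Office Open XML package
    # Assumption: the VBA project sits in a part conventionally named vbaProject.bin.
    if any(p.rsplit("/", 1)[-1] == "vbaproject.bin" for p in parts):
        return "macro-enabled"
    return "no-macro-part"

def build_package(extra_parts=()):
    """Constructed stand-in for an OOXML file: only the part names matter here."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("[Content_Types].xml", "<Types/>")
        pkg.writestr("word/document.xml", "<document/>")
        for part in extra_parts:
            pkg.writestr(part, b"\x00")
    return buf.getvalue()

def triage(attachments):
    """Map each (name, bytes) pair to a verdict so risky files can be held for IT."""
    return {name: macro_verdict(data) for name, data in attachments}

SAMPLES = [  # constructed inputs, not real attachments
    ("report.docx", build_package()),
    ("invoice.docm", build_package(["word/vbaProject.bin"])),
    ("old.xls", OLE2_MAGIC + b"\x00" * 16),
    ("notes.txt", b"plain text"),
]
```

This check covers VBA parts in the ZIP-based formats only; legacy binary files are flagged for review rather than cleared.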
URL spoofing works in a similar way. Suppose a familiar address (such as www.abcz-corp.com) appears in an email from a trusted source. Mousing over the URL may appear to verify the address, but the URL still may be counterfeit. Clicking it could lead to a data breach.
- The URL might connect to a perfect replica of the ABCZ website where people freely enter their user names and passwords – directly into a malefactor’s database. (Where did the replica originate? “Phishing kits” available on the black market often include counterfeit websites.)5
- Alternatively, merely clicking the URL may set off a malware attack on a local PC or the entire network.
Avoiding suspect URLs and links
- Is it even possible to avoid a spoofed URL or link? In most cases, yes. If you see a URL (particularly in an email, ad, electronic signature or social media format), just don’t click on it. Why not? In many cases, a URL or hyperlink that looks fine is actually composed of counterfeit characters that cosmetically mimic authentic ones. However, if you already know and trust the site referenced by the URL or link, you can visit its home page by typing the address – manually – in a browser.
- If you have any doubt whatever regarding a URL’s legitimacy, use a tool to verify it. For example, Google offers a free online “transparency report” to check URL safety. Several antivirus applications incorporate similar functions.
- In the past, a URL prefix of https:// was a fairly safe assurance of a secure site. That’s no longer the case because hackers use fake security certificates to impersonate secure sites.
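The two spoofing patterns described above, a link whose visible text names one site while its target is another, and a hostname built from look-alike characters, can be checked mechanically in an email's HTML. This is an added example, not part of the original article; the function names are hypothetical and the sample links are constructed around the article's `www.abcz-corp.com` placeholder.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(text):
    """Hostname of a URL-like string with punycode rendered as Unicode, else None."""
    if "." not in text or any(c.isspace() for c in text):
        return None
    try:
        host = (urlsplit(text if "://" in text else "//" + text).hostname or "").lower()
        if host.isascii():  # render xn-- labels the way an address bar may show them
            host = host.encode("ascii").decode("idna")
    except ValueError:      # malformed URL or invalid punycode label
        return None
    return host or None

def mixed_script_labels(host):
    """Labels whose letters span several scripts (first word of the Unicode name)."""
    return [label for label in host.split(".")
            if len({unicodedata.name(c, "?").split()[0] for c in label if c.isalpha()}) > 1]

class Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href.strip(), self._text.strip()))
            self._href = None

def audit_links(html):
    """Yield (visible text, real host, reasons) for each suspicious <a> link."""
    parser = Links()
    parser.feed(html)
    for href, text in parser.found:
        real, shown = host_of(href), host_of(text)
        reasons = ["text-href-mismatch"] if real and shown and real != shown else []
        if real and mixed_script_labels(real):
            reasons.append("mixed-script-label")
        if reasons:
            yield (text, real, reasons)

SAMPLE = ('<a href="http://www.\u0430bcz-corp.com/login">www.abcz-corp.com</a>'  # constructed
          '<a href="https://www.abcz-corp.com/help">www.abcz-corp.com</a>'
          '<a href="http://login.example.net/abcz">www.abcz-corp.com</a>')
```

A hostname written entirely in one non-Latin script passes the mixed-script test, so this check complements typing known addresses manually rather than replacing it.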
Low-Cost Security Boosts
While a comprehensive listing of ways to avoid cyber attack is beyond this paper’s scope, understanding the security implications of emails, attachments and URLs is a great place to start. In addition, consider adding the following steps to your security protocol. Most involve minimal or no cost, but they can make a huge difference in cyber safety and efficiency:
- Educate and re-educate employees and contractors on security policies and common threats such as phishing scams
- Use data encryption
- Limit data access only to those employees and others who need it for a business purpose
- Have procedures in place to deal with security threats and breaches
- Remove extraneous data from online access
- Keep all operating systems and applications updated with security patches
- Use multi-factor authentication (such as iris scans and fingerprints) to gain access to any secure online data
- If a computer does not need to be kept online 24/7, disconnect it from the internet when it does not require online functionality
- Consistently back up data to more than one storage medium and store backups in more than two secure locations
Even with these precautions integrated into your organization’s routine, you’ll still need the defensive capabilities of a robust, scalable cybersecurity system.
Explore Part 3 of our article series. The final installment looks into the imperative need for stronger data security systems, as well as prudent methods for handling related costs.
Go back to Part 1 of our series, which outlines the background and circumstances that led to the extraordinary challenges facing healthcare IT security today.