3 of the Most Troubling Cyberattacks in 2021

Cybercriminals were very busy in 2021. Here are three of the most troubling cyberattacks they perpetrated.

The year 2021 was a busy year for cybercriminals — and for the US Federal Bureau of Investigation's (FBI's) Internet Crime Complaint Center. "IC3 saw complaints increase nearly 70% between 2019 and 2020," said the FBI. "The latest numbers indicate 2021 may be another record year."

One particularly telling number was reached back on May 15, 2021. On that day, the center received its 6 millionth complaint. "It took nearly seven years for the FBI's Internet Crime Complaint Center (IC3) to log its first million complaints," said the FBI. "It took only 14 months to add the most recent million."

While the increasing rate of cyberattacks in 2021 is alarming, some of the cyberattacks are concerning for other reasons. Here are three of the most troubling cyberattacks and why we should be worried:

 

  1. T-Mobile Data Breach

In August 2021, hackers stole the personal data of more than 54 million past, present, and prospective T-Mobile customers. In addition, data about 52,000 current Metro by T-Mobile customers was taken. Besides names and addresses, the stolen data included Social Security and driver's license numbers.

The number of victims is not why this cyberattack is concerning. While 54 million is a big number, much larger data breaches have occurred. Yahoo, Aadhaar, and Cam4 have had breaches that involved billions of victims. This cyberattack is troubling because it is the fifth major data breach at T-Mobile in the last three years.

T-Mobile is not the only company that has experienced multiple breaches. LinkedIn, Marriott International, and Yahoo are only some of the many large businesses that have experienced two or more breaches.

Multiple data breaches are also common in small businesses, according to the Identity Theft Resource Center's "2021 Business Aftermath Findings" report. Sixteen percent of the 1,467 small businesses represented in the study reported having a data breach — and nearly 75% of those 235 businesses have experienced two or more breaches.

Having multiple data breaches is indicative of a larger problem: Despite being attacked, some breached companies fail to find and fix the weaknesses in their IT systems to prevent future data breaches. Cybercriminals know this, so they try to attack victims again.

 

  2. Google Brand Phishing Attack

A phishing email supposedly from Google was making the rounds during the third quarter of 2021. The cybercriminals took great care in making it look like a real email from Google.

The email had the subject line "Help strengthen the security of your Google Account" and was sent from a spoofed Google email address that looked legitimate at first glance. The email message began with the statement "Add ways for us to make sure it's you", which was displayed in large letters using the same font that Google uses. The email went on to say, "Users with extra ways to verify their identity are far less likely to be hacked or locked out. Add additional ways to prove it's really you and see other personalized security recommendations in the Security Checkup."

If the email recipients clicked the "Take action" button or the accompanying link in the email, they were sent to a fake Google login page that looked like the real deal. Google users who entered their credentials were handing them over to cybercriminals.

This is an example of a brand phishing attack that cybercriminals use to trick people into revealing sensitive online account information. Cybercriminals create emails or texts that look like the ones from popular brands. The top 5 impersonated brands are Microsoft, Amazon, DHL, BestBuy, and Google, according to Check Point researchers. The emails and texts try to get the recipients to click a link that takes them to a fake malicious web page. Typically, the web page instructs them to log in to their account or provide some other type of sensitive information.

Brand phishing attacks have become so prevalent in recent months that the FBI issued a warning about them on November 23, 2021. "As consumers more routinely make purchases, conduct business, and receive support online and through mobile applications, cybercriminals continue to target brand-name consumers due to the sheer number of people using brand-name services and the level of trust and legitimacy associated with these companies," stated the FBI.

 

  3. Quanta Computer Ransomware Attack

In April 2021, a ransomware gang named REvil hacked into the network of Quanta Computer, an electronic device manufacturer that Apple and other electronic companies use to assemble their devices. Before encrypting Quanta's files, the gang stole a lot of data, including proprietary information for several soon-to-be-released Apple products.

Quanta refused to pay the $50 million ransom, so the cybercriminals upped the ante two ways. First, they started demanding $50 million from Apple as well as Quanta. Second, they threatened to sell the stolen Apple documents to the highest bidder if their ransom demand wasn't met.

This cyberattack spotlights a dangerous trend: Ransomware gangs are increasingly focusing on data theft and extortion. Initially, they would steal data before encrypting it to simply pressure companies that were unwilling to pay the ransom. However, the gangs have discovered that the fear of having data publicly exposed is an effective motivator in and of itself, especially if the stolen files contain proprietary or personal data. The latter is of particular concern because many companies use and store personal data that is regulated by laws such as the US Health Insurance Portability and Accountability Act (HIPAA). Having data stolen is considered a data breach. If the stolen data is publicly posted, regulators might find out about the data breach and fine the business.

Some gangs even use the data they steal during ransomware attacks for additional extortion attempts later on. For example, one gang member stole thousands of patient records from a psychotherapy practice. The records contained the patients' personal data and therapy-session transcripts. Initially, the gang member posted some of the patients' personal data on a leak site to get the practice to pay the ransom. Two years later, the cybercriminal tried to blackmail individual patients directly, threatening to expose their personal data and transcripts if they did not pay up.

The REvil gang probably had multiple extortions in mind when it picked Quanta as a target, as this company has many high-profile customers (e.g., Apple, Dell, HP, Microsoft, Toshiba). "Quanta was likely a target of opportunity and was likely pursued not because it would pay a large ransom, but because it held confidential data belonging to many of its customers and those customers could be extorted for ransoms," according to a threat detection expert.

Cybersecurity flickr photo by Infosec Images shared under a Creative Commons (BY) license


What Businesses Need to Know about Upgrading to Windows 11

Microsoft recently released the newest version of its flagship operating system software. Here is what you need to know about Windows 11 to make an informed decision about when to upgrade the computers in your business.

Although "Brings you closer to what you love" sounds like a slogan you'd find on Subaru's website, it is the catchphrase that Microsoft is using to launch Windows 11. "Windows 11 brings you closer to what you love and is designed with you at the center," said Panos Panay, the chief product officer of Windows + Devices at Microsoft. For example, the new AI-powered Widgets will get you closer to the information you want and the new Chat feature in Microsoft Teams will get you closer to the people you care about, according to Panay.

And this guide will get you closer to what you need to know about Windows 11 so you can make an informed decision about when to upgrade the existing Windows 10 installations in your business.

The Editions

Windows 11 has the same editions as its predecessor. They are:

  • Windows 11 Pro
  • Windows 11 Pro for Workstations
  • Windows 11 Pro Education
  • Windows 11 Education
  • Windows 11 Enterprise
  • Windows 11 IoT Enterprise
  • Windows 11 Home

Having the same editions will make it easier for businesses to upgrade their computers. And the price is right — Windows 11 is a free upgrade no matter which edition is being used. The computers just need to be running Windows 10 (version 2004 or later) and meet the Windows 11 system requirements.

 

The System Requirements

Windows 11's minimum system requirements are as follows:

  • A 64-bit compatible processor or System on a Chip (SoC) that is 1 gigahertz or faster and has two or more cores. It is important to note that Windows 11 is not available as a 32-bit OS, but it does support 32-bit Windows apps.
  • At least 4 gigabytes (GB) of random-access memory (RAM).
  • At least 64 GB of storage space for the Windows 11 installation. Additional storage space might be needed to enable specific features and download updates.
  • Unified Extensible Firmware Interface (UEFI) firmware that is Secure Boot capable. The legacy Basic Input/Output System (BIOS) firmware is not supported.
  • Trusted Platform Module (TPM) 2.0. Virtually all computers built since 2015 include TPM 2.0 support, according to experts. However, it might need to be enabled in the firmware settings.
  • A graphics card that is compatible with DirectX 12 (or later). It must have a Windows Display Driver Model (WDDM) 2.0 driver.
  • A 9-inch (or larger) monitor that has a high-definition display (aka 720p display) and 8 bits assigned per color channel.
  • An Internet connection to perform updates. In addition, some features need an Internet connection to work.
  • A Microsoft account if Windows 11 Home edition is being installed. This edition does not support local accounts.

As mentioned, these are the minimum requirements. Some features have additional requirements. You can find a complete list on the "Windows 11 requirements" web page. This site also includes information on what is needed to run Windows 11 on a virtual machine (VM).

You can use Microsoft's free PC Health Check app to see whether your company's computers can run Windows 11. The app identifies compatibility issues that will prevent an upgrade. The older the computer, the less likely it will pass the compatibility check. Computers purchased before 2017 are almost certain to be incompatible, according to experts.
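A scripted check of several of the minimum requirements listed above (processor, RAM, storage, UEFI with Secure Boot, TPM 2.0), as an added PowerShell example that is not from Microsoft or the original article. The function name `Test-Windows11Minimums` is hypothetical, and the script does not cover the graphics, display, Internet, or Microsoft account requirements.

```powershell
#Requires -RunAsAdministrator
# Added example: checks a subset of the Windows 11 minimum requirements.
# Administrator rights are needed to query the TPM and the Secure Boot state.

function Test-Windows11Minimums {
    $checks = @()

    # Processor: 64-bit, 1 GHz or faster, two or more cores (first socket only).
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $checks += [pscustomobject]@{
        Requirement = '64-bit CPU, 1 GHz or faster, 2+ cores'
        Passed      = ($cpu.DataWidth -eq 64 -and $cpu.MaxClockSpeed -ge 1000 -and $cpu.NumberOfCores -ge 2)
        Detail      = "$($cpu.DataWidth)-bit, $($cpu.MaxClockSpeed) MHz, $($cpu.NumberOfCores) cores"
    }

    # RAM: at least 4 GB installed (sum of the physical memory modules).
    $ramBytes = (Get-CimInstance -ClassName Win32_PhysicalMemory |
        Measure-Object -Property Capacity -Sum).Sum
    $checks += [pscustomobject]@{
        Requirement = 'At least 4 GB of RAM'
        Passed      = ($ramBytes -ge 4GB)
        Detail      = '{0:N1} GB installed' -f ($ramBytes / 1GB)
    }

    # Storage: at least 64 GB on the volume that holds Windows.
    $sysDisk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
    $checks += [pscustomobject]@{
        Requirement = 'At least 64 GB of storage'
        Passed      = ($sysDisk.Size -ge 64GB)
        Detail      = '{0:N0} GB on {1}' -f ($sysDisk.Size / 1GB), $env:SystemDrive
    }

    # Firmware: UEFI that is Secure Boot capable. Confirm-SecureBootUEFI returns
    # True or False on capable UEFI firmware and raises an error on legacy BIOS.
    try {
        $sbEnabled = Confirm-SecureBootUEFI -ErrorAction Stop
        $sbCapable = $true
        $sbDetail  = if ($sbEnabled) { 'UEFI, Secure Boot enabled' }
                     else { 'UEFI, Secure Boot capable but currently disabled' }
    } catch {
        $sbCapable = $false
        $sbDetail  = "Not available: $($_.Exception.Message)"
    }
    $checks += [pscustomobject]@{
        Requirement = 'UEFI firmware, Secure Boot capable'
        Passed      = $sbCapable
        Detail      = $sbDetail
    }

    # TPM 2.0: SpecVersion is a string such as "2.0, 0, 1.38"; the leading
    # number is the major specification version.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmMajor = 0
    if ($tpm -and $tpm.SpecVersion -match '^\s*(\d+)') { $tpmMajor = [int]$Matches[1] }
    $checks += [pscustomobject]@{
        Requirement = 'TPM 2.0'
        Passed      = ($tpmMajor -ge 2)
        Detail      = if ($tpm) { "Spec version $($tpm.SpecVersion)" }
                      else { 'No TPM visible to Windows (it may need to be enabled in the firmware settings)' }
    }

    $checks
}

Test-Windows11Minimums | Format-Table -AutoSize -Wrap
```

A failed TPM or Secure Boot row on a recent computer usually points to a firmware setting rather than missing hardware.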

In some cases, Windows 11 can be installed on computers that do not meet the minimum requirements. However, this is risky. Microsoft will not support these installations, which is particularly detrimental because they will be prone to compatibility problems. In addition, unsupported installations do not receive updates, so these computers will be at higher risk of cyberattacks.

While you might not love the fact that Windows 11 has such stringent requirements, Microsoft has its reasons for establishing them. Besides improving reliability and app compatibility, the more advanced hardware helps protect Windows 11 devices from cyberattacks. For example, Secure Boot prevents malicious code from being installed when a computer starts up.

"Windows 11 raises the bar for security by requiring hardware that can enable protections like Windows Hello, Device Encryption, virtualization-based security (VBS), hypervisor-protected code integrity (HVCI) and Secure Boot. The combination of these features has been shown to reduce malware by 60% on tested devices," according to The Windows Team.

 

The Rollout

The upgrade to Windows 11 is optional. This means you and your staff can continue to use Windows 10 for several more years if desired, as it is not scheduled for retirement until October 14, 2025.

If you want to upgrade to Windows 11, you might have to wait a while. Microsoft is distributing it in a phased rollout through Windows Update. Even though machine learning is being used to guide the rollout, it is expected to last until mid-2022. You can find information about the rollout's progress and the problems being encountered in the "Windows 11 known issues and notifications" web page.

When it is your turn to download Windows 11, a notification inviting you to do so will appear in the "Windows Update" page in Windows 10's Settings app, assuming your computer meets the minimum system requirements. If your machine does not meet the requirements, you will receive a message like that in Figure 1. You would need to run the PC Health Check app to find out which requirements are not being met.

If you do not want to wait for the download invitation to arrive, you can obtain Windows 11 from the "Download Windows 11" web page. However, you must first make sure that your computer meets the minimum system requirements. The methods to install Windows 11 are the same as those used to install Windows 10.

Windows 11 Support

Microsoft has improved the support policies for Windows 11. It is now providing two years of support for the Home, Pro, Pro for Workstations, and Pro for Education editions. This is a six-month extension compared to Windows 10, as Table 1 shows. The support periods for the other editions have also been extended to three years.

Microsoft has also changed how often it will be releasing feature updates. They will now be issued annually in the second half of the year. Security updates — which Microsoft refers to as "quality updates" because they also include non-security fixes — will continue to be released on the second Tuesday of each month.

 

A Difficult Decision

Deciding whether to upgrade to Windows 11 now, later, or perhaps never can be a difficult decision. This guide has gone over some of the basic information you need to know to make an informed decision. We can provide you with additional information to consider based on your company's specific needs and IT systems.

 

Table 1: Update and Support Policy Changes in Windows 11

| | Windows 11 | Windows 10 |
|---|---|---|
| Feature updates (all editions) | Once a year | Twice a year |
| Quality updates (all editions) | Once a month | Once a month |
| Support period for the Home, Pro, Pro for Workstations, and Pro for Education editions | 24 months from the release date | 18 months from the release date |
| Support period for the Enterprise, IoT Enterprise, and Education editions | 36 months from the release date | 18 or 30 months from the release date, depending on the version |

 

Microsoft Windows10 flickr photo by TheBetterDay shared under a Creative Commons (BY-ND) license


10 Million Android Devices Have Been Infiltrated by GriftHorse Trojan Apps

Disguised as legitimate apps, the GriftHorse malware has found its way onto more than 10 million Android devices. Learn how to determine whether your phone is one of them.

Mobile malware dubbed GriftHorse has found its way onto more than 10 million Android devices in more than 70 countries, including the United States. Cybercriminals are using GriftHorse to carry out billing fraud. "The cybercriminal group behind the GriftHorse campaign has built a stable cash flow of illicit funds from these victims, generating millions in recurring revenue each month with the total amount stolen potentially well into the hundreds of millions," according to the Zimperium zLabs researchers who discovered the malware.

 

How the Attack Works

GriftHorse is a trojan horse — in other words, malware disguised as a legitimate program or file. In the GriftHorse campaign, the cybercriminals created more than 200 trojan apps covering a wide variety of interests (e.g., dating, entertainment, finance, music, utilities) to get a broad pool of potential victims. The cybercriminals posted the trojan apps in the Google Play store and other third-party app sites.

Although Google immediately removed the GriftHorse trojan apps from its store once it learned about them from the researchers, they are still posted on some third-party app sites. "These malicious Android applications appear harmless when looking at the store description and requested permissions," noted the researchers. But these apps are far from harmless. Android users who download and install them will be blasted with popups (at least five per hour) telling them they have received a gift or won a prize. To claim it, all they need to do is click the provided link. The link leads to a geo-specific web page that asks them to submit their mobile phone numbers for verification purposes.

If the Android users comply, the malware uses their mobile phone numbers to subscribe them to premium SMS services, without their knowledge or consent. Premium SMS services allow one party (e.g., a company or charity) to collect money from a second party (e.g., a customer or donor) via text message. The amount due appears as a charge on the second party's mobile phone bill. GriftHorse victims usually find a fraudulent charge of $35 or more per month on their bills. If the victims do not regularly check their phone bills, they might not even realize the charge is there.

 

Is Your Phone Infected?

If you have an Android phone, you might want to determine whether it has been infiltrated by a GriftHorse trojan app. Fortunately, the researchers have created a list of apps known to conceal GriftHorse. Although the list is not alphabetized, you can use your browser's Find functionality to check the apps you have installed on your device against this list. If any of your apps are on the list, you should uninstall them.

 

Other Measures You Can Take to Protect Your Phone from Trojan Apps

Admittedly, spotting trojan apps like GriftHorse in app stores can be hard if they are well designed. However, there are measures you can take to protect your Android phone from trojan apps and the malware they harbor:

  • Install only those apps you need. Every app installed on your device presents a security risk. Thus, it is best to keep the number of apps to a minimum.
  • Install apps only from official app stores such as Google Play. Although trojan apps sometimes find their way into the official app stores, the risk is much greater if you download apps from third-party sites. Plus, official app stores are quick to remove apps that are found to be malicious.
  • Research any app you want to install on your Android device, even if you will be downloading it from an official app store. Look at the program's user ratings and reviews in the app store. In addition, perform Internet searches on both the program and its developer to see if there have been any security issues in the past.
  • Pay attention to permissions. Watch for permissions that seem excessive for what a program does. Although the GriftHorse trojan app's requested permissions were not excessive, that is not always the case. Be particularly wary of apps that ask to become a device administrator, as this will allow the apps to control your phone.
  • Make sure the Android operating system software is updated. System updates patch known vulnerabilities, which helps reduce the number of exploitable entry points.
  • Use a security solution to detect and block known malware. Some solutions will even scan apps for suspicious elements before you install them.

Google Android Apps flickr photo by Visual Content shared under a Creative Commons (BY) license


Three Extremely Risky Practices to Avoid

A common question among businesses looking to improve their cybersecurity defenses is "Where should we focus our efforts?" A good place to start is to make sure your company is not engaging in risky practices. Here are three bad practices to avoid.


How to Tame the “News and Interests” Box

Microsoft quietly added the new "News and interests" feature to the Windows 10 taskbar. This feature can launch without you explicitly starting it, causing a big box to block part of your computer screen. Find out what you can do to control it.

If you use Windows 10 often, this might have happened to you: You are working on your computer when suddenly a big box like the one in Figure 1 fills the right side of your screen. The box containing the weather forecast, news feeds, and other contents is not only distracting but is also preventing you from working on the tasks you need to complete.

This box is the new "News and interests" feature that Microsoft quietly added to the Windows 10 taskbar through monthly updates. By default, the box launches whenever you hover your cursor over its button in the taskbar — no clicking required. And since the taskbar button is large (it displays both an icon and text, as Figure 1 shows), inadvertently hovering over it is easy to do.

Fortunately, you can disable this feature or at least configure it so that it won't launch when you just happen to move your cursor over its button.

 

How to Tame the Big Box

If you find that the "News and interests" box is too distracting or a productivity killer, here is how to tame it:

  1. Right-click the feature's taskbar button at the bottom of the screen. Alternatively, you can right-click an empty spot in the taskbar. This will bring up a menu of taskbar options.
  2. Select "News and interests" in the taskbar menu. The submenu shown in Figure 1 will appear.
  3. Click "Turn off" if you want to disable the feature. Alternatively, you can deselect the "Open on hover" option if you want the "News and interests" box to appear only when you explicitly click the feature's button.

Figure 1.

 

What to Do If You Change Your Mind

Disabling the "News and interests" feature removes its button in the taskbar. If you later find that you want the feature back, follow these steps:

  1. Right-click an empty spot in the taskbar to bring up the menu of taskbar options.
  2. Select "News and interests" in the taskbar menu.
  3. Click either the "Show icon and text" or "Show icon only" option in the submenu to enable the feature. Note that "Turn off" is not a toggle switch like the "Open on hover" option. As a result, clicking "Turn off" will not deselect the option and enable the feature.

The "Show icon and text" and "Show icon only" options control what is displayed in the feature's taskbar button. For example, suppose it is cloudy and 64 degrees outside. The button will display an image of a cloud and the text "64°F" (see Figure 2) if "Show icon and text" is selected but only the cloud image if "Show icon only" is chosen.

Besides customizing how the feature's taskbar button looks, you can personalize what is displayed in the box. The quickest way to do this is to click the gear icon in the right corner of the box and select "Manage interests". In the page that appears, you can select the types of feeds you want to receive.

Figure 2.

Have a Lot of Computers?

If you want to disable the "News and interests" feature on numerous Windows 10 computers, you can use Group Policy to quickly configure the machines. When the feature is disabled with a policy, users do not have the ability to re-enable it. We can help you create this policy if you need assistance.


What Businesses Need to Know about the Semiconductor Chip Shortage

The semiconductor chip shortage is real and not simply scarcity marketing. Find out why there is a chip shortage, the problems it is causing, and how businesses can cope with the situation.


T-Mobile Breach Exposed the Personal Data of 54 Million Customers

The T-Mobile data breach in August 2021 was massive. Find out what data was stolen, what T-Mobile is doing to help customers affected by the breach, and how to protect yourself even if you are not a breach victim.


The Latest Data Breach & Why It Keeps Happening

The growing value of information is increasing the incentive of hackers to obtain data from both individuals and organizations. These incidents include ransomware attacks in which the perpetrator encrypts the victim’s data or threatens to publish that data unless the victim pays a ransom. Another tactic is to simply sell the information, either to a specific party or the highest bidder.

The data breach at UC San Diego Health (UCSDH) is one of the most recent of these attacks and is especially significant due to the large number of protected health information (PHI) records involved.


Using Mobile Hotspots Safely

Connecting to the internet in public incurs additional security risks regardless of the specific computing device you use. You’re in close proximity with people you don’t know, which could include hackers trying to use your access without your permission. This occurrence could increase your mobile bill if the additional data usage causes you to exceed the maximum for your data plan. Improving the security of your mobile hotspot can help you avoid this scenario.


8 Actions Your Business Can Take Now to Avoid Paying a Ransom Later

The number of ransomware attacks has exploded in 2021 — and so, too, has the size of the ransoms. Here are eight actions that companies can take so they do not have to pay a big ransom to get their data back.

The number of ransomware attacks has exploded in 2021. The month of July started out with a big bang when cybercriminals encrypted the data in as many as 1,500 small businesses in one fell swoop. The hackers infiltrated the companies' IT systems by exploiting a vulnerability in a Kaseya software tool. The cybercriminals are demanding $70 million to restore the data in all of the affected businesses.

It is unknown at this time whether Kaseya will pay the ransom to get the decryption key. Chances are it might, based on recent ransomware attacks. For example, JBS USA paid $11 million in June 2021 to get its data back. And in May 2021, both Brenntag and Colonial Pipeline Company paid a $4.4 million ransom.

The situation is getting so dire that four states — New York, North Carolina, Pennsylvania, and Texas — are considering passing legislation that would limit or ban ransom payments. Their hope is that the number of attacks will significantly decrease once companies stop paying the ransom.

In the meantime, it is up to businesses to protect their data. Here are eight actions that companies can take so they do not have to pay a big ransom to get their data back:

 

  1. Use But Don't Rely Solely on Security Solutions

Security solutions detect and block ransomware as well as other types of malware. Thus, it is important to use security solutions to protect your company's computing devices, including smartphones and tablets.

However, using a security solution does not necessarily mean that your company will be protected from every ransomware attack. An infection might still occur for a number of reasons. For starters, some security solutions provide more capabilities than others. For example, some offer behavior-based malware detection in addition to signature-based malware detection. Plus, security solution providers set their own schedule for releasing updates. Software that is frequently updated will offer better protection than one that is not.

Even the best security solutions cannot protect against ransomware attacks that have not been seen before. Cybercriminals know this, so they continually devise new attacks as well as overhaul existing ones. Therefore, you need to take additional measures to protect your business against ransomware.

 

  2. Make Sure Software and Firmware Are Being Updated

To carry out ransomware attacks, hackers often exploit security vulnerabilities to gain access to programs and devices. Updates are typically used to patch known vulnerabilities. For this reason, you need to make sure that the software and firmware are being regularly updated on your company's devices, including servers, desktop computers, smartphones, tablets, printers, and routers.

Updates are often automatically installed in operating system software and mainstream apps. However, it is a good idea to periodically make sure this is occurring. If updates are not automatically installed, they will need to be manually done.

 

  3. Require Two-Step Verification

In some ransomware attacks, cybercriminals use compromised credentials for an Internet-facing app or system to initially access a company's network. Or they might use credentials they have stolen from the compromised device to access and install the ransomware on other computers (especially hosts and servers) in the network.

Requiring two-step verification (aka two-factor authentication) when logging into business accounts can thwart hackers' attempts to initially access a network and propagate ransomware in it. Even if an account's password is compromised, it cannot be used to gain access to the account since an additional form of verification is needed.

It is best to use two-step verification for all types of accounts, including app, service, and administrative accounts. If using two-step verification is not possible, your company should require the use of strong account passwords and implement an account lockout policy to defend against brute-force password-cracking attacks.

 

  4. Change the Default Macro Setting

Some Microsoft Office apps (e.g., Word, Excel, PowerPoint) give users the ability to create macros when they want to automate tasks that they perform repeatedly. Once created, users can run the macros anytime they need to perform those tasks, saving time and effort.

Unfortunately, cybercriminals like to create Word and Excel macros that initiate ransomware attacks. Sometimes they attach the macro-laden files to phishing emails and text messages. Other times, they include links to the files in the email and text messages. In the phishing email or text message, the hackers try to trick the recipients into opening the files.

By default, the Office apps that support macros are configured to automatically disable any macros in files. However, users are given the option to enable them. If they do so, the macros run and the ransomware is unleashed.

Thus, it is a good idea for your company to change the default macro setting from "Disable all macros with notification" to "Disable all macros without notification" in the Office apps that support macros. That way, employees will not be given the option to enable a macro if a file includes one. Unless macros are routinely used in work files, receiving a legitimate file that contains a macro is rare. If your employees regularly send and receive files containing macros, your company can take advantage of digitally signed macros. In this case, you would change the default macro setting to "Disable all macros except digitally signed macros".
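The macro setting described above can be audited and enforced through the registry value that Office reads for its macro notification policy. This is an added PowerShell example, not code from the original article; it assumes Office version 16.0 (Office 2016 and later, including Microsoft 365 Apps) and a per-user policy key, and the function names are hypothetical.

```powershell
# Added example: audit and set the Office macro policy for Word, Excel and PowerPoint.
# Assumptions: Office 16.0 and the per-user policy key below. The account running
# Set-MacroPolicy needs write access to HKCU\Software\Policies; in a domain, the same
# value is normally delivered with the "VBA Macro Notification Settings" Group Policy.

$OfficeVersion = '16.0'
$Apps   = 'Word', 'Excel', 'PowerPoint'
$Labels = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-MacroPolicy {
    # Report the policy value for each app, or note that no policy is set.
    foreach ($app in $Apps) {
        $key   = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        $value = (Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
        [pscustomobject]@{
            App         = $app
            VBAWarnings = $value
            Setting     = if ($null -eq $value) { "Not set by policy (app default: $($Labels[2]))" }
                          else { $Labels[[int]$value] }
            # Values 3 and 4 remove the user's option to enable an unsigned macro.
            Hardened    = ($value -in 3, 4)
        }
    }
}

function Set-MacroPolicy {
    param(
        # WithoutNotification: no macros run and users are not prompted.
        # SignedOnly: for teams that exchange digitally signed macros.
        [ValidateSet('WithoutNotification', 'SignedOnly')]
        [string]$Mode = 'WithoutNotification'
    )
    $value = if ($Mode -eq 'SignedOnly') { 3 } else { 4 }
    foreach ($app in $Apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name VBAWarnings -PropertyType DWord -Value $value -Force | Out-Null
    }
}

# Show the current state, apply the stricter setting, then confirm the change.
Get-MacroPolicy | Format-Table -AutoSize
Set-MacroPolicy -Mode WithoutNotification
Get-MacroPolicy | Format-Table -AutoSize
```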

 

  5. Apply the Principle of Least Privilege

To reduce the risk of a ransomware infection starting and spreading in your company's network, it is a good idea to apply the principle of least privilege whenever possible. In other words, you should limit employees' permissions and access to company resources to the minimal level that will allow them to perform their job duties. In addition, the access should be in effect for the shortest duration necessary.

The ways in which you can apply the principle of least privilege will depend on your IT environment and employees' job duties. For example, if the operating system software being used on your company's desktop computers lets employees connect to and control their machines from a remote device using the Remote Desktop Protocol (RDP), you should limit the ability to create RDP sessions to only those employees who must use them as well as take measures to secure those sessions (e.g., deploy an RDP gateway). If no one needs to access their desktop computers from remote devices, the ability to create RDP sessions should be disabled.

Similarly, you might want to restrict employees' ability to install and run apps on their desktop computers and any company-provided mobile devices. This will reduce the risk that employees will inadvertently download and install ransomware-infested apps on company devices. Hackers often hide ransomware in pirated versions of popular commercial apps, which they offer for little or no cost to entice people to download them.

 

  6. Teach Employees to Be Cautious

Teaching employees to be cautious can go a long way in helping your company avoid becoming a ransomware victim. For starters, you should let employees know about the dangers associated with:

  • Clicking links in email and text messages from unknown senders. These links could lead to malicious websites designed to install malware on visitors' devices or steal the visitors' personal data.
  • Clicking links in strange email and text messages supposedly from people they know. Hackers sometimes hijack a person's email or text account so they can use it to send phishing messages to the masses. Hackers also use hijacked accounts to send personalized messages to a victim's contacts. They masquerade as the victim to make the email seem legitimate, thereby increasing the likelihood that the recipient will click the link.
  • Checking out clickbait. Clickbait refers to text links ("You won't believe ...") and thumbnail image links designed to entice people to view content on another web page. While clickbait is typically used to increase page views and generate ad revenue, cybercriminals sometimes use it to send people to malicious websites.
  • Scanning quick response (QR) codes in online message boards, forums, and other public sites. Typically, anyone can post messages with QR codes — including cybercriminals — in these venues. The QR code might lead to a malicious website.
  • Opening files attached to email or text messages. If the attachments are not expected, they might contain malicious code (e.g., a macro or script) that leads to a ransomware infection or another type of cyberattack.
  • Opening a password-protected file (especially if it is a compressed archive file) sent via email or text message if that message includes the password needed to unlock the file. When this occurs, there is a good chance that the file contains malicious code.

 

  7. Stress the Importance of Heeding Warnings

Software programs often include features that help protect their users from security threats like ransomware. For instance, most web browsers flag web content that is a potential security threat. Browsers also block pop-up ads by default since these ads often contain malicious code or links to malevolent sites.

Some employees, though, ignore the warnings. A few even disable the security features. For example, they might disable the pop-up blocking functionality in their web browsers or jailbreak their smartphones. Therefore, you need to stress the importance of letting the security features do their job and taking their warnings seriously. Otherwise, the employees might find one day that their files are being held hostage.

 

  8. Perform Backups

Cybercriminals are constantly devising new ransomware variants and new ways to spread them. As a result, an infection might occur despite your best efforts to avoid one. Thus, you need to regularly back up your files and systems on your company's computing devices, including mobile devices. You also need to test those backups to make sure the files and systems can be restored.

Although having restorable backups will not prevent a ransomware attack, you won't have to pay the ransom if the attack is successful.

 

Other Actions

There are other actions that companies can take to defend against ransomware attacks. We can make sure that your business has covered all the bases so that it will be protected from ransomware and other types of cyberattacks.

 

 

Ransomware statistics flickr photo by Infosec Images shared under a Creative Commons (BY) license