The Things to Know About Ransomware and Phishing
Cybercriminals are no longer solely attacking big corporations but are increasingly turning their attention to small firms.
Nearly half of the global cyber attacks logged during 2015 were against small companies with fewer than 100 staff, as criminals sought to exploit their digital weaknesses to steal information, bring down websites and send spam. The issue of cyber security for small businesses is made even more pressing by new European regulation aimed at protecting customer data, which will still apply after Brexit. The EU’s new General Data Protection Regulation will come into force in 2018 and could result in companies being fined up to €20m or 4% of their annual turnover, whichever is greater, for security breaches that compromise their customer data.
Below we look at two of the most common ways attackers steal or take control of your data: ransomware and phishing.
How Ransomware Works
Cyber criminals deliver ransomware in different ways. Usually it arrives via links in malicious emails that trigger the automatic download of malware, which then exploits unpatched vulnerabilities in your software.
Kaspersky’s recent security bulletin states that vulnerabilities in internet browsers are the cause of 62% of malware infections, which include ransomware. The other 38% exploit common applications such as Adobe Flash Player and Java.
Once ransomware runs on your machine it will, depending on the variant, either lock your screen or encrypt your files with a cryptographic key. The criminal behind the attack then demands payment before they will unlock your screen or hand over the private key needed to decrypt your files. Paying the ransom is no guarantee of recovery: some criminals take the money and leave you with nothing.
Phishing is a way for attackers to obtain protected information by tricking people into giving away bank credentials, social security numbers, passwords and more. That is why phishing emails are considered the main vehicle for identity theft. They look legitimate, and most people don’t realise it is a scam until it is too late. Phishing falls into two broad categories:
General phishing is sent in a blast to many people at once and uses a boilerplate message designed to get someone to click a link and enter pertinent information.
Spear phishing is more targeted: a specific person (or a specific group, such as executives, HR or finance staff) is identified and singled out. The target is sent an email that appears to come from someone they trust, asking for sensitive information. Often the email purports to come from a high-profile individual, such as the CEO emailing someone in the finance department for account details.
Phishing isn’t necessarily as profitable as ransomware, but the value isn’t in the money—it’s in the information. The National Insurance numbers, passwords, and any other information acquired in a phishing attack could be sold to someone else. Phishing attacks can cause more wide-ranging damage than ransomware because your information can be used to give someone a new identity or open up lines of credit in your name.
When it comes to ransomware and phishing, the user is both the strongest defence and the weakest link. Hardware and software can only go so far to protect your systems, but if the user is knowledgeable, ransomware and phishing become far more preventable.
- Be very careful about opening unsolicited attachments – most Windows ransomware has been embedded in documents distributed as email attachments.
- Be suspicious of emails asking for personal information – they typically claim something like “your password has expired, please update it by clicking this link”, with the link directing you to a spoofed website.
- Look for grammar errors – a single misspelt word or random capitalisation in the message. The errors are usually subtle, and the rest of the email resembles something that would have come from a trusted source.
- Check that the hyperlink goes where it claims – the visible text of a link can say anything the sender likes. Before you click, hover over the link to see where it will really take you.
- Beware of anything before the first forward-slash – the host name is everything between the “//” and the next “/”, and the part that actually identifies the owner is the end of it, not the beginning. Adding periods or dashes before the forward-slash, or using a misspelling that is hard to spot, makes a link look like the right URL at first glance while taking users to a different domain. For example, http://payapl.com-stz.info/ is not going to paypal.com.
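The two link checks above (does the visible text match the real destination, and is the host really under the trusted domain) can be automated, for instance as a filter that runs over inbound mail before a user ever hovers over anything. The script below is an added example written for this article, not code from the original post or from any named product. It assumes a constructed HTML email body, a hypothetical set of trusted domains, and a deliberately simplified rule that treats the last two labels of a host as its registrable domain (production code would consult the Public Suffix List instead).

```python
"""Flag deceptive links in an email body (added example, not from the original article).

Check 1: the visible link text names a domain the href does not actually go to.
Check 2: the href host contains a lookalike of a trusted brand (e.g. a misspelling
         such as payapl, or paypal.com used as a sub-domain) but is not under the
         trusted domain itself.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample email: one genuine link and three deceptive ones.
SAMPLE_EMAIL_HTML = """
<p>Your password has expired. Please <a href="http://payapl.com-stz.info/login">update it at paypal.com</a>.</p>
<p>Or visit <a href="https://www.paypal.com/signin">https://www.paypal.com/signin</a>.</p>
<p>See also <a href="https://accounts.example.net/reset">https://paypal.com/reset</a>.</p>
<p>Confirm at <a href="http://paypal.com.secure-login.example/">paypal.com</a>.</p>
"""

# Hypothetical allow-list of domains the organisation actually deals with.
TRUSTED_DOMAINS = {"paypal.com"}

# Matches domain-like tokens in free text, e.g. "paypal.com" or "www.paypal.com".
DOMAIN_RE = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w-])", re.I)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _AnchorCollector()
    parser.feed(html)
    parser.close()
    return parser.links


def host_of(url):
    """Lower-cased host name: everything between '//' and the next '/'."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def registrable_part(host):
    """Simplification: the last two labels own the name. Real code uses the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def is_under(host, domain):
    """True if host is domain itself or a sub-domain of it (dot-boundary aware)."""
    return host == domain or host.endswith("." + domain)


def check_link(href, text):
    """Return the reasons this link is suspicious; an empty list means none were found."""
    reasons = []
    href_host = host_of(href)

    # Check 1: the text claims one domain, the href goes to another.
    for claimed in {m.lower() for m in DOMAIN_RE.findall(text)}:
        if not is_under(href_host, registrable_part(claimed)):
            reasons.append(f"text says {claimed} but link goes to {href_host}")

    # Check 2: a trusted brand appears (or a transposed spelling of it) in a host
    # that is not actually under the trusted domain.
    labels = re.split(r"[.-]", href_host)
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        lookalike = any(brand in lbl or sorted(lbl) == sorted(brand) for lbl in labels)
        if lookalike and not is_under(href_host, trusted):
            reasons.append(
                f"host {href_host} imitates {trusted} (real domain is {registrable_part(href_host)})"
            )
    return reasons


def scan_email(html):
    """Map each flagged href to its list of reasons; clean links are omitted."""
    flagged = {}
    for href, text in extract_links(html):
        reasons = check_link(href, text)
        if reasons:
            flagged[href] = reasons
    return flagged


if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL_HTML).items():
        print(href)
        for reason in reasons:
            print("   ", reason)
```

Running it on the constructed sample flags three of the four links and leaves https://www.paypal.com/signin alone: the `payapl` host is caught by the anagram test, `accounts.example.net` by the text/href mismatch, and `paypal.com.secure-login.example` by both, because `is_under` insists on a dot boundary and so is not fooled by the trusted name appearing at the front of the host.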