As explained in Part 1, cybersecurity can be best described as methods, processes or technologies that help protect the integrity, confidentiality and availability of computer systems, networks, and data against unauthorised access and cyber-attacks.
In this article, we look at Ransomware & Phishing, what they are and how we can combat an attack or data breach.
Ransomware – What Is It?
Ransomware is a type of malicious software — malware — that blocks access to a device or data until a ransom is paid. Both organizations and individuals could be targeted by attackers.
What Does It Do?
When a device is infected with ransomware, some type of digital lock or encryption is applied, effectively preventing you from accessing your files or your device. A criminal group will then demand a ransom in exchange for decrypting your data.
To Pay or Not to Pay?
Law enforcement advises not paying – therefore it is imperative to have an OFFSITE BACKUP.
If you do pay the ransom:
- there is no guarantee that you will get access to your data or computer
- your computer will still be infected
- you will be paying criminal groups
- you’re more likely to be targeted in future
Do not rely on ‘honour amongst thieves’.
Don’t Become a Ransomware Victim
- AVOID unknown links, ads, and websites.
- KEEP software up to date and patch known vulnerabilities.
- DON’T download unverified attachments or apps, and don’t access pirated content like illegally copied movies, music, and software.
- AUTOMATICALLY BACK UP data and files to a secure location daily or even hourly (if possible). Create an offline backup for your most important data and files.
- REPORT any ransom message, suspicious emails, or suspected ransomware activity to your security team as soon as possible. Quick action is critical when ransomware strikes.
Phishing | Invading Your Inbox
Learn How to Spot Phishing Emails
A phish is a deceptive email or message that looks legitimate and encourages you to take actions that could compromise your computer or network or reveal sensitive information.
Scammers use phishing attacks to steal valuable information and gain illegal access to systems.
Phishing emails (called “lures”) try to manipulate people by stirring strong emotions:
A single employee falling for a phish has been known to trigger serious data breaches that expose everything from business secrets to the confidential data of millions of people.
In your personal life, phishing can lead to identity theft, stolen data, and other long-term consequences.
How You Can Help Defeat Phishing:
- Don’t blindly trust anything that comes into your inbox. Always verify the authenticity of an email before you click any links or open attachments.
- Be suspicious of messages that are vague, generic, or impersonal, or that stir strong emotions, such as fear, empathy, urgency, or anger.
- Never trust an email that asks for personal or sensitive information, such as your username or password.
- Check the “From:” field closely but be aware that this information can be spoofed.
- Phishing websites may look legitimate by imitating company logos and using domain names that might be close misspellings or lookalikes.
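The "From:" and lookalike-domain checks above can be partly automated. The following Python sketch is an added example, not part of the original article: it classifies a sender address against a list of domains you expect mail from. The function names, the `TRUSTED_DOMAINS` values, the edit-distance threshold of 2 and the sample addresses are all assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the domains your organisation really sends from (constructed values).
TRUSTED_DOMAINS = {"example.com", "example.co.uk"}
MAX_DISTANCE = 2  # assumption: this many character edits or fewer counts as a lookalike


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: the number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete a character from a
                           cur[j - 1] + 1,             # insert a character into a
                           prev[j - 1] + (ca != cb)))  # substitute (free if equal)
        prev = cur
    return prev[-1]


def check_from(header: str) -> str:
    """Classify the sender domain of a From: header value."""
    _display_name, address = parseaddr(header)
    domain = address.rpartition("@")[2].lower()
    if not domain:
        return "unparseable"
    if domain in TRUSTED_DOMAINS:
        # An exact match is not proof of origin: the From: field can be spoofed.
        return "trusted-domain"
    # Non-ASCII or punycode ("xn--") labels can render as near-identical characters.
    if not domain.isascii() or any(p.startswith("xn--") for p in domain.split(".")):
        return "punycode"
    if any(edit_distance(domain, t) <= MAX_DISTANCE for t in TRUSTED_DOMAINS):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for sample in ['"Example Payroll" <payroll@example.com>',
                   '"Example Payroll" <payroll@examp1e.com>',
                   '"Example Payroll" <payroll@exarnple.com>',
                   "it@xn--exmple-cua.com",
                   "news@unrelated.org"]:
        print(f"{check_from(sample):15} {sample}")
```

A "trusted-domain" result only means the text of the address matches; it says nothing about whether the message really came from that domain.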
This is only a starting guide and is meant to highlight some key areas that cybercriminals target.
If you take nothing else away from this article, remember: if it feels odd, it probably is. Back up your data, and check those email addresses and URLs carefully.
Some further reading can be found below:
National Cyber Security Centre: https://www.ncsc.gov.uk/collection/10-steps
IT Governance: https://www.itgovernance.co.uk/what-is-cybersecurity
Cybersecurity & Infrastructure Security Agency: https://www.cisa.gov/stopransomware
This post was written by Darren Cope, IT Manager for WSX Enterprise.
You can find me on LinkedIn: https://www.linkedin.com/in/darrencope77/