While cybercriminals are continually dreaming up new ways to target the vulnerable, SaskTel's security expert, Travis Spilak says that preparing yourself to protect your data is really not that complicated. The same methods we’ve always used still apply.
The first question I’m asked is, of course, what is ransomware?
The essence of a ransomware attack is to steal or take away access to information that’s necessary to run your business and then demand money in exchange.
The attacks have taken a twist recently. Instead of simply encrypting files, cybercriminals are copying files and information out of the environment before encrypting it. If companies opt not to pay the ransom, the criminals threaten to release that information to the public.
For example, your company gets attacked and you refuse to pay. You decide to deal with it yourself, recover, and get your business back up on its feet. Three or four weeks later, you get a notification that your information has been posted to the Internet. It could be anything—customer account numbers, personal information, important intellectual property.
Usually, the cybercriminals will just post a little bit of the information—just to prove that they actually have it. Then they'll throw another ransom demand on by saying, “Okay, you didn't pay us to decrypt your files, so you're going to pay us now or we're going to release your information to the public.”
At that point, you’re in a real bind because it's not within your control to deal with it anymore at all. The criminals have the upper hand because leaking that kind of information may actually destroy your business.
Another important question is how do I prevent this from happening to me as an organization or individual?
In the old days, hackers could just attack a firewall, break through, and get in. Today, computer security technologies are pretty good; I'm talking things like antivirus, firewalls, web filtering, email filtering, things like that. It’s important to build a system that recognizes malware threats and eliminates them for you.
The second thing we can do is make sure computers and mobile devices are updated frequently. Whenever a vendor provides an update for a device or software, it is highly recommended to apply that update. It’s quite possible the vendor has become aware that criminals have found a way to exploit the device and has included a fix in the update.
The third and most important thing to do is be leery.
Cybercriminals have turned to exploiting humans in a big way because we’re given a lot of privileges inside a computer environment. Within our businesses, we have access to file systems, databases, and applications. The criminals know that, so they basically attack the human to get a foothold in that environment.
Social engineering and manipulation of humans comes in a lot of different ways. One way is by email; criminals send you an attachment that contains malicious software that provides them access into your environment.
A second way is by phone; you receive a voice call from a caller claiming to be from Microsoft who needs access to fix your computer. They may ask for your email to send you a link or they may provide the link verbally over the phone.
We’re also starting to see more cybercrime using text messaging, iMessage, Facebook Messenger, and other mechanisms. Texters claim to be with the CRA, tell you that you have a refund pending, and provide you with a link to click on.
All of that said, the solution is really very simple. If you receive any kind of suspicious link, don't click it. Just delete it.
For more information on how to protect your business from ransomware threats, contact our team of IT experts.
We built Saskatchewan’s favourite networks so you can stay close to your people who matter most. Whether you’re overseas or just around the corner, we make sure you’re always connected to your friends, family, and your world.