The risk of ransomware attacks has never been higher as cybercriminals have evolved their attacks and malware to be more difficult than ever to detect and prevent. The latest Sophos report “The State of Ransomware 2021” sums it up with around half of respondents believing that: “…ransomware attacks are getting increasingly hard to stop due to their sophistication.”
Technology controls help to prevent ransomware attacks, but on their own they are not enough. The Sophos report highlights that ransomware attackers use a mix of off-the-shelf ‘spray and pray’ campaigns and individual targeting. It is this targeting of individuals that makes attacks harder to prevent with technology alone.
Because of the focus on the human, individual employees play a crucial role in defending an organisation from cyber attacks of all kinds, including ransomware. Here are our top seven suggestions for empowering employees with the know-how needed to reduce the risk of a ransomware attack.
How Employees Can Help Thwart The Risk of Ransomware Attacks
Ransomware attacks come in many forms, but a regular target of a hacker is an individual. Our employees are a doorway into the organisation if a cybercriminal knows how to open that door. The key to that door is often social engineering and phishing that starts the process of access to protected areas of a network. By empowering our employees with an understanding of how ransomware attacks begin, an organisation can reduce the likelihood of ending up a victim of malware. Here are seven top ways for employees to reduce the risk of a ransomware attack:
Train Employees to Spot the Tell-Tale Signs of Phishing
Phishing is a facilitator of ransomware attacks. Phishing and spear-phishing, and their results such as stolen login credentials, form the starting point of many ransomware attacks. Once an attacker has access rights, they can use those credentials to send internal emails (containing malware or links to malware-infected websites) and/or log in to enterprise systems using the Remote Desktop Protocol (RDP). A recent Windows vulnerability demonstrates how easy it is to escalate privileges using stolen login credentials. The vulnerability, known as PrintNightmare, lets an attacker holding non-privileged login credentials escalate to the privileges needed to install malware across a network.
Empowering employees with knowledge of how phishing emails and spoof websites work can help stop a ransomware infection at the starting point of an attack. One way to train employees to spot a phishing attempt is to run phishing simulations. These can be tailored to your specific corporate needs to teach employees how to identify a phishing threat and reduce the risk of a ransomware attack.
Report any Suspicious Emails Immediately
If an incident does happen, for example an employee clicks a phishing link and enters credentials into a spoof site, timely action is of the essence. A company has a short window of opportunity to mitigate the threat and stop an incident from becoming a ransomware infection. A report by Agari found that once credentials are stolen, two-thirds of email accounts will be compromised the same day.
Incident reporting should be part of your organisation’s culture. But incident reporting needs to be encouraged and made simple. A workflow-based reporting system designed to capture the incident information quickly and simply, and then route it to the most appropriate person to deal with it, helps to minimise the risk of ransomware attacks.
Don’t Overshare Personal Information
Phishing messages are often tailored to specific employees to make them more effective. Attackers may use social engineering tricks to obtain personal information to create these personalised spear-phishing messages. Teach your staff not to give out personal data unless necessary. This includes posting information on social media platforms, which are trawled for the data of employees of targeted companies.
Don’t Open Suspicious Attachments in Emails
Employees must not open attachments unless they are sure they have come from a legitimate source. Phishing emails can also be used to deliver ransomware directly using malicious attachments. One example of ransomware delivery via email attachment is the invoice scam. The email looks like it has come from a colleague or a business associate, and it contains what looks like an invoice, typically as a PDF or Word document or sometimes a zip file. If an employee opens the attachment, a link inside the file initiates a malware download. The malware then exploits any vulnerabilities (known or unknown) on the machine to execute its code and infect it.
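Awareness training is the human layer; the same invoice-lure pattern can also be screened automatically where the mail arrives. The Python below is an added example, not code from the original article or any product it mentions. It parses a message, looks at every attachment and flags the tell-tale signs described above: an executable hiding behind a document name (double extension), macro-capable Office files, archives, and a declared content type that contradicts the file’s actual leading bytes. The extension lists, the magic-byte table and the two sample messages are all constructed for the example and would be tuned to your own environment.

```python
import email
from email import policy
from email.message import EmailMessage

# Extension lists are assumptions for this example, not a vendor list.
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".bat", ".cmd",
                    ".ps1", ".hta", ".iso", ".img", ".lnk"}
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".doc", ".xls"}
ARCHIVE_EXTENSIONS = {".zip", ".rar", ".7z"}


def split_extensions(filename):
    """Return every extension in order, lower-cased: 'a.pdf.exe' -> ['.pdf', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def content_contradiction(declared, payload):
    """Name the real type when the leading bytes contradict the declared MIME type, else None."""
    if payload.startswith(b"%PDF"):
        return None if declared == "application/pdf" else "PDF"
    if payload.startswith(b"MZ"):  # Windows PE header: never legitimate for a document type
        ok = declared in ("application/x-msdownload", "application/octet-stream")
        return None if ok else "Windows executable"
    if payload.startswith(b"PK\x03\x04"):  # ZIP container, also used by modern Office files
        ok = (declared == "application/zip"
              or declared.startswith("application/vnd.openxmlformats"))
        return None if ok else "ZIP container"
    return None


def analyse_attachment(part):
    """Collect findings for one attachment part of a parsed message."""
    filename = part.get_filename() or ""
    declared = part.get_content_type()
    payload = part.get_payload(decode=True) or b""
    exts = split_extensions(filename)
    final = exts[-1] if exts else ""
    findings = []
    if final in RISKY_EXTENSIONS:
        findings.append(f"executable-type attachment ({final})")
        if len(exts) >= 2:
            findings.append(f"double extension disguises executable as {exts[-2]}")
    if final in MACRO_EXTENSIONS:
        findings.append("macro-capable Office document")
    if final in ARCHIVE_EXTENSIONS:
        findings.append("archive may contain executable content")
    actual = content_contradiction(declared, payload)
    if actual:
        findings.append(f"declared {declared} but content looks like a {actual}")
    return {"filename": filename, "findings": findings}


def screen_email(raw_bytes):
    """Parse a raw RFC 5322 message and return (verdict, per-attachment findings)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    results = [analyse_attachment(p) for p in msg.iter_attachments()]
    verdict = "quarantine" if any(r["findings"] for r in results) else "deliver"
    return verdict, results


def build_sample(attachments):
    """Construct a sample invoice-lure message; attachments = [(filename, mimetype, bytes)]."""
    msg = EmailMessage()
    msg["From"] = "Accounts <accounts@example-supplier.test>"  # constructed sender
    msg["To"] = "alice@example.test"
    msg["Subject"] = "Invoice INV-2043 overdue"
    msg.set_content("Please see the attached invoice.")
    for filename, mimetype, data in attachments:
        maintype, subtype = mimetype.split("/", 1)
        msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


# Constructed samples: a lure whose "PDF" is really a PE file plus a macro document,
# and a genuine PDF invoice. The payloads are just header bytes, not real files.
LURE_EML = build_sample([
    ("Invoice_INV-2043.pdf.exe", "application/pdf", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("terms.docm",
     "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
     b"PK\x03\x04\x14\x00\x00\x00"),
])
BENIGN_EML = build_sample([("Invoice_INV-2043.pdf", "application/pdf", b"%PDF-1.7\n%")])

if __name__ == "__main__":
    for label, raw in (("lure", LURE_EML), ("benign", BENIGN_EML)):
        verdict, results = screen_email(raw)
        print(label, "->", verdict)
        for r in results:
            for f in r["findings"]:
                print("   ", r["filename"] + ":", f)
```

The magic-byte check is the part worth keeping even if you simplify the rest: a filename and a Content-Type header are both chosen by the sender, whereas the first bytes of the payload are what the operating system will actually act on when the employee double-clicks.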
Only Use Verified and Known Sources for File Downloads
Employees should never download files or media from unvetted sites. The tactic known as a drive-by download is used by cybercriminals to install malicious software without the knowledge or consent of the user. Drive-by download attacks scan for vulnerabilities in browsers and other device software, which are then exploited to install ransomware. Whilst your security team can put in measures such as keeping software patches up to date, employees should also be trained to follow security policies that recognise the dangers of drive-by downloads, reducing the risk of ransomware attacks.
Use a VPN When Using Public Wi-Fi
If an employee works remotely, they need to be aware of the dangers of using unsecured public Wi-Fi hotspots. If a private and secure Wi-Fi network is not available, users should switch on a Virtual Private Network (VPN), or better still, always have a VPN running. A VPN creates an encrypted tunnel between the user’s browser and the internet. The VPN prevents ‘Man-in-the-Middle’ attacks whereby a malicious outsider steals data, such as login credentials or personal information, or even, potentially, injects malicious code such as ransomware.
Don’t Reuse Passwords
Stolen passwords are available for sale on the dark web and, according to Verizon, are behind 81% of hacking-related data breaches. These ‘passwords for sale’ come from previously phished credentials and hacked databases. The cybercriminals who buy these lists then use automation tools to break into existing accounts. Even hashed passwords from database breaches can be cracked. Forced password resets also don’t work, as many employees simply add an extra number or letter to the end of a previously used password. Corporate password policies need to be enforced through a culture of understanding that security is important to everyone.
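The two failure modes named above, reused or breached passwords and “bump the counter” resets, can be enforced in code at the point where a new password is set. The Python below is an added example, not code from the original article or from any vendor it names. It rejects a new password that is a trivial variant of the old one (same word with a trailing number or symbol changed, case flipped, a few characters appended, or common letter-for-symbol substitutions) and a password whose hash appears in a breach list. The breach set here is a constructed stand-in built from three example passwords; in production that lookup would be against a real exposed-credential feed, and the substitution table and minimum length are assumptions to tune to your policy.

```python
import hashlib
import re
import unicodedata

# Constructed breach list: SHA-1 digests of three example passwords, standing in
# for a real exposed-credential feed (assumption made for this example only).
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("Password123", "Summer2021!", "Welcome1")
}

# Common letter-for-symbol substitutions folded back to letters before comparing.
# Table is an assumption for the example: @->a $->s 5->s 0->o 1->l 3->e 4->a 7->t !->i
LEET = str.maketrans("@$501347!", "assoleati")


def core(password):
    """Reduce a password to the word the user is really reusing.

    Lower-cases, Unicode-normalises, strips the trailing run of digits and
    symbols (the 'Winter2021!' -> 'Winter2022!' counter pattern the article
    describes) and folds common symbol substitutions back to letters.
    """
    s = unicodedata.normalize("NFKC", password).lower()
    s = re.sub(r"[^a-z]+$", "", s)
    return s.translate(LEET)


def is_trivial_variant(old, new):
    """True when `new` is a cosmetic change of `old` rather than a new secret."""
    o, n = old.lower(), new.lower()
    if o == n:
        return True                      # case-only change
    c_old, c_new = core(old), core(new)
    if c_old and c_old == c_new:
        return True                      # counter bumped, symbols swapped, or both
    if len(o) >= 6 and o in n and len(n) - len(o) <= 3:
        return True                      # old password kept whole with a few extra characters
    return False


def is_breached(password):
    """Check the candidate against the (constructed) breach set by SHA-1 digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest() in BREACHED_SHA1


def evaluate_password_change(old, new, min_length=12):
    """Return the list of policy violations for a proposed change; empty means accept."""
    problems = []
    if len(new) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if is_trivial_variant(old, new):
        problems.append("trivial variant of the previous password")
    if is_breached(new):
        problems.append("appears in a known breach list")
    return problems


if __name__ == "__main__":
    # Constructed old/new pairs illustrating each rule.
    for old, new in (("Winter2021!", "Winter2022!"),
                     ("Password", "P@ssw0rd1"),
                     ("Welcome1", "Summer2021!"),
                     ("Winter2021!", "plover-granite-oboe-47")):
        verdict = evaluate_password_change(old, new) or ["accepted"]
        print(f"{old!r} -> {new!r}: {', '.join(verdict)}")
```

The variant check needs the previous password in plaintext at the moment of change, which is exactly when the user has just typed it in; it does not require storing old passwords recoverably. The breach check compares only a hash, which is why a k-anonymity style lookup against a public breach corpus fits the same shape.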
Build a Ransomware Force Field with Your Employees
Ransomware is big business, and the cybercriminals behind the attacks are serious about it. In a recent exposé, a new ransomware gang, BlackMatter, was found to be offering $100,000 for exclusive access to an organisation’s network in order to deploy ransomware and exfiltrate data. Preventing ransomware is not a simple fix; however, your staff can be an effective front-line defence against attacks. It is only by including your employees in a 360-degree approach to reducing the risk of ransomware attacks that an organisation can hope to stave off an attack.