We hear the term “Social Engineering” quite often nowadays, and we have recently even written about its basics. That encompassed a wider area, including various forms of it, but most of them were not related to cybersecurity. In this article, we’ll have a look at how phishing, together with ransomware and a bit of social engineering, is used by criminals to blackmail unsuspecting victims, and what can be done to prevent you from falling victim to these crooks.
Phishing has become a big player in malware attacks in the last few years, and this type of social engineering is proving hard to overcome. Attackers usually send well-crafted emails with seemingly legitimate attachments that carry a malicious payload. These aren’t the typical “Nigerian Prince” scammers, but rather sophisticated hacking groups with sufficient time and funding to launch these exploits. They usually hide behind the Tor network or the like, which makes them hard to find, especially when they are backed by organized crime groups that use this as a source of income.
In recent years, we’ve seen a dramatic increase in the use of ransomware delivered alongside phishing emails. The attackers usually send an attachment such as “URGENT ACCOUNT INFO” with a file extension of “.PDF.zip” or “.PDF.rar,” which slips by the unsuspecting victim and delivers the payload. This attack often encrypts the entire hard disk (some of the less damaging forms simply block your access to the computer, but do not encrypt – such as this example) or the documents, and requires a bitcoin payment to unlock them. Luckily, these groups actually do unlock the data; this way, future victims are more likely to pay.
What can you do as an individual to minimize your chances of falling victim to these dirty schemes? Here are a few steps you can take:
- DO NOT open emails in the spam folder or emails whose senders you do not know.
- DO NOT open attachments in emails of unknown origin.
- Use reputable antivirus software – we recommend Kaspersky, which ranked the highest in our tests.
- Perform a regular backup to an external medium (external hard drive or the cloud).
- After backing up, disconnect your drive. Current ransomware is known to encrypt your backup drive as well.
- DO NOT pay the ransom. The reason why the criminals keep utilizing this form of blackmailing attacks is that people keep paying. To try to get your data back, consult a professional in your area.
What can your company do to prevent being victimized by these types of attacks?
- Humans need to be trained – they are the weakest link. Companies should provide, at a minimum, bi-annual training geared towards each user group (end-users, IT staff, managers, etc.) so that everyone is aware of the latest attacks.
- Employees should be tested by having an outside party conduct a social engineering test, like something from Rapid7 or LIFARS. These kinds of tests help keep employees on their toes and more likely to avoid the attacks.
- Since these attacks are on the rise, a number of new defenses have been developed. AppRiver is a great spam and virus email filter that can block a large number of phishing exploits before they even reach the internal servers.
- If they happen to get through, Kaspersky Labs has an excellent endpoint protection system that can block even the latest malware, and they recently released a video showing how they prevented a ransomware attack from being successful.
- As a last line of defense, Cyphort has a good IDS/IPS solution that can help detect known attacks, and how far they managed to get into the network, by signature, behavior, and community knowledge.
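To make the “.PDF.zip” / “.PDF.rar” attachment trick and the email filtering step above concrete, here is an added example (not code from this article or from any of the products named) of the kind of check a mail filter can apply to attachment names. The extension lists, function names and sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed policy lists for this example; tune them for your own mail flow.
ARCHIVE_EXTS = {".zip", ".rar", ".7z"}
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}

def classify_attachment(filename):
    """Return a reason string if the name looks deceptive, else None."""
    # Trailing spaces/dots can hide the real extension; normalise first.
    name = filename.strip().rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    if not suffixes:
        return None
    last = suffixes[-1]
    prev = suffixes[-2] if len(suffixes) > 1 else None
    if last in EXECUTABLE_EXTS:
        return f"executable attachment ({last})"
    if prev in DECOY_EXTS and last in ARCHIVE_EXTS:
        return f"document name wrapped in archive ({prev}{last})"
    return None

def scan_raw(raw_bytes):
    """Parse a raw RFC 5322 message and list (filename, reason) findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        reason = classify_attachment(filename) if filename else None
        if reason:
            findings.append((filename, reason))
    return findings

def build_sample():
    """Constructed sample message (placeholder content, not real mail)."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "URGENT ACCOUNT INFO"
    msg.set_content("Please review the attached statement.")
    for name in ("URGENT ACCOUNT INFO.PDF.zip", "statement.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, reason in scan_raw(build_sample()):
        print(f"QUARANTINE {filename!r}: {reason}")
```

A name-based check like this only catches the disguise; it complements, and does not replace, content scanning of the archive itself.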