Over the last 12 months, there has been a 16% increase in ransomare attacks, a Data Breach Investigation Report by Verizon, has revealed. Ransomware is a hot topic because of the organisations being targeted and because of how prevalent it has become. The report revealed that 89% of attacks “involve financial or espionage motivations”, with the former a clear catalyst.
While every single individual is at risk to a ransomware attack, there is certainly a higher degree of risk attached to businesses, more so those that handle confidential and sensitive information, for whom the effects of ransomware could be devastating from both a financial and reputational perspective.
Interestingly, the study noted how phishing is a growing concern, as it is evident a lot of people are not familiar with this tactic. For example, Verizon found that 30% of phishing messages were opened in 2015, which is up a massive 23% from 2014.
Phishing has been used by cybercriminals for years to access personal information. It can manifest itself as an email, text message or even a website.
Steve Flynn, Director of ESET South Africa advises companies to, “Backup, backup, backup. This may well be your saviour when faced with a ransomware outbreak in your organisation. Have an external backup that runs daily and make sure that you unplug the backup when it is not running, otherwise,it may also be encrypted.”
Despite advances in information security research and cyber detection solutions, we continue to see many of the same errors that we have known about for a decade or so.
The author of the report highlighted a “three-pronged attack”, which is, “being repeated over and over again” by cybercriminals.
It begins with a phishing email that comes with a link to either a corrupted website or attachment. On clicking through to a website or attachment, malware is downloaded onto a victim’s computer. This “establishes an initial foothold”, meaning that further malware can be downloaded to either encrypt data, access information and/or steal credentials. These credentials are used to carry out further cybercriminal activity, including breaching bank accounts.
Flynn also recommends organisations to implement IT admin policies around email attachments. “Network admin should enforce strict rules around allowing users to receive only necessary attachments, and furthermore, not allow or impose conditions around personal emails on the organisational network.”
ESET
Since 1987, ESET® has been developing record award-winning security software that now helps over 100 million users Enjoy Safer Technology®. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore, Buenos Aires and Cape Town. For more information visit www.eset.co.za or follow us on LinkedIn, Facebook and Twitter.