Unfortunately, yes. There are legitimate AND fake ransomware attacks.
Good news is, the end-user needs to take the same precautions to mitigate risks of real or fake ransomware attacks; remaining educated on cyber security is an asset.
Better news, we offer solutions to layer on to protect your environment, as well as Security Awareness Training to educate your end users.
Let’s talk ransomware.
What is ransomware? Ransomware is a form of malware that encrypts files. The attacker then demands a ransom from the victim to restore their access to the data. This is especially dangerous because access to data on computer networks, mobile devices, and servers will all be locked until the victim pays the demanded ransom. For a business like yours, this can make or break you.
Attackers are aware that any sign of ransomware causes panic. Especially when using common attack methods – extortion, blackmail, threats, etc. – that are designed to generate fear in the reader. Attackers rely on this fear and panic to motivate the victim to give into demands regardless of how much money they are seeking.
These attacks have been so successful, the bad guys have realized they can simply create fake ransomware.
Rewind, what is fake ransomware?
Fake ransomware is simply a message stating false information that is sent to an end-user, demanding ransom.
These are often delivered in the form of emails spoofing a known address or pop ups that take focus on your computer and are difficult to close out.
These messages may tell a user their data has been stolen and encrypted and they must ‘click here’ to unlock data, enter credentials to check their account, review what files have been encrypted, etc. Essentially, the attacker does not presently have access to your environment but counts on your panic causing you to click a link which then does provide them access.
These messages may also exploit or blackmail, telling the victim they have videos, pictures, or screen shots of them that do not exist. They will then ask for a payout to delete this sensitive data and keep quiet.
However, none of this is true. These are simply messages used to induce fear and hope the victim pays.
Your organization needs a strong cyber security solution stack, regular end-user education and testing, as well as a plan in the event of an attack. This protocol must prevail even in fear and panic.
Having an IT partner that values and focuses on cyber security in every area of business is crucial.
Mitigate these risks with forward-thinking solutions and end-user training.
Have a plan in the event of an attack.
Secure an IT partner that can respond intelligently in a worst case scenario.
Read more here.