Written by Christoan Smit
9 Sep, 2019
You’ve seen what it looks like on the TV. You might even know one or two people to whom it has actually happened. Yes, we’re talking about that moment when all your hard work gets ‘kidnapped’ by a cyber criminal and held hostage, with threats of destroying it all unless you pay up before their deadline.
Firstly, you need to understand how ransomware is delivered onto your system. It’s a relatively short list, but an important one:
Probably the number one delivery method for ransomware is the malicious email that somehow slipped through the firewall and spam filters. A malicious email contains a malicious link, a malicious attachment, or both, and comes from a fake email address.
Fake email addresses fall into two broad categories: real email addresses belonging to people who were lax with their cyber security and lost control of the account, or email addresses that, at a quick glance, look like the real thing.
User education, user education and user education! The people in your organisation need to be educated so that they can quickly and easily spot a fake email.
Malicious links don’t always come in emails, texts or on social media; sometimes an entire website could be run by hackers (and look quite legit on face value). A malicious link is usually where additional malware is stored, uploaded to your computer and activated – often only at a later date, to help divert suspicion away from the website.
Again, user education. To spot a fake website, you have to read the web address ‘backwards’. Let’s use this made-up example:
The forward slash (/) is what separates the main website address from the individual pages. Ignore everything to the right of the / and look at what comes directly to the left – in this example it’s security.ru.co – in other words, not HSBC!
In this example, ignore everything to the right of the very first /
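As an added example (not from the original article), here is a small Python helper that applies the ‘read it backwards’ rule: it finds the host that really serves a link and checks whether that host belongs to the site you expected. The HSBC and security.ru.co names come from the article; the link variants are constructed to show the common ways a brand name is planted in a link that does not belong to it.

```python
from urllib.parse import urlsplit

def real_host(link: str) -> str:
    """Return the host that really serves a link: everything between the
    scheme and the first '/', minus any user@ prefix or :port suffix."""
    # A bare 'www.example.com/page' has no scheme; add one so urlsplit
    # treats the text as an absolute URL instead of a relative path.
    if "://" not in link:
        link = "http://" + link
    # .hostname discards userinfo (the 'brand@' trick) and the port,
    # and lower-cases the result.
    return urlsplit(link).hostname or ""

def is_site(link: str, expected_domain: str) -> bool:
    """True only if the link's host is expected_domain or a subdomain of it.
    Brand text anywhere else (path, userinfo, left-hand labels) is ignored."""
    host = real_host(link)
    expected = expected_domain.lower().strip(".")
    return host == expected or host.endswith("." + expected)

# Constructed sample links; only the first really belongs to hsbc.co.uk.
SAMPLE_LINKS = [
    "https://www.hsbc.co.uk/login",
    "https://www.hsbc.co.uk.security.ru.co/login",   # brand as a subdomain
    "https://security.ru.co/www.hsbc.co.uk/login",   # brand in the path
    "https://www.hsbc.co.uk@security.ru.co/login",   # brand as userinfo
    "www.hsbc.co.uk.security.ru.co/login",           # no scheme at all
]

def check_links(links=SAMPLE_LINKS, expected_domain="hsbc.co.uk"):
    """Return (link, real host, genuine?) for each link."""
    return [(link, real_host(link), is_site(link, expected_domain))
            for link in links]

if __name__ == "__main__":
    for link, host, ok in check_links():
        print(f"{'OK  ' if ok else 'FAKE'}  {host:34}  {link}")
```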
You also need a respectable anti-virus that checks any web link you click before allowing you through.
Inadvertently giving the wrong people physical access to your computer systems could be disastrous. Physical access means a hacker (e.g. posing as a client, delivery man, contractor, lost person etc.) could have unfettered access to your system, planting all manner of malicious software.
Make sure your workstations and servers have good passwords, and that they automatically lock themselves after 3-5 minutes of inactivity. Windows Autoplay should also be turned off on all workstations so that a hacker can’t unobtrusively slip a USB drive into an unattended, locked workstation, which would then automatically upload malicious code as soon as the workstation is unlocked/switched on.
Also educate all your staff to lock their workstations whenever they get up or leave the room – the shortcut is pressing the ‘Windows’ key and ‘L’ at the same time. Try it.
Servers need additional security such as lockable cabinets and CCTV covering the area.
Check websites like https://www.hoax-slayer.net or https://www.nationalcrimeagency.gov.uk/what-we-do/crime-threats/cyber-crime to familiarise yourself with current scams and how cyber criminals operate.
Don’t get too excited. “You won something” scams rely on your being too excited to think straight.
Don’t get greedy. “We’ll pay you to…” and “You won something” scams rely on greed.
Don’t be embarrassed. “Your porn account is now active” scams rely on your embarrassment at someone else seeing that.
Don’t fear (unless you really have been up to mischief, tut-tut). “You’re going to get arrested for tax evasion” scams rely on your fear of the law.
Don’t be too emotional. “Urgent warning! Share with others!” scams rely on emotional overreaction.