Email Security Blog

Spear Phishing and Ransomware: What You Need to Know During the COVID-19 Pandemic

If you’re familiar with ransomware attacks, I am sure you would agree that they rank among the most frustrating types of cybercrime, especially for a business.  The often begin with spear phishing—which is as email disguised to be someone you know or trust.  The recipient unknowingly clicks on a link that contains a specific form of malware that has the ability to lock you, and your company, out of critical data.  The cyber actor behind this phishing scheme will then demand money in exchange for the hijacked files.

In 2019, adjusted losses due to ransomware were more than $8.9 million, which is more than double that of the year before.1,2 And what might 2020 hold in terms of ransomware attacks? According to the FBI, there has been a spike in reported cybercrimes since the beginning of the pandemic as companies went increasingly online. “We have increased vulnerabilities online, and increased interest from threat actors to exploit those,” said Tonya Ugoretz, the deputy assistance director of the FBI’s Cyber Division.  Prior to the COVID-19 pandemic, the Internet Crime Complaint Center (IC3) was receiving about 1,000 complaints a day.  The pandemic has caused daily call volume to spike to 3,000-4,000.3

As ransomware techniques become increasingly sophisticated, there are precautions every business should take, some of which include:

  • Consider and many benefits of cloud-based email security service that prevents phishing. INKY is an affordable solution that uses computer vision and machine learning to catch malware and similar threats before it’s too late. As an added bonus, INKY’s banner system doubles as a training mechanism, alerting employees when suspicious emails arrive to their inboxes.
  • Patch operating systems, software, and firmware on devices, which may be made easier through a centralized patch management system.4
  • Manage the use of privileged accounts. Implement the principle of least privilege: no users should be assigned administrative access unless absolutely needed; those with a need for administrator accounts should only use them when necessary.4
  • Configure access controls, including file, directory, and network share permissions, with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.4
  • Back up data regularly, and regularly verify the integrity of those backups. 4
  • Secure your backups. Ensure backups are not connected to the computers and networks they are backing up. Examples might be securing backups in the cloud or physically storing offline. 4

If you’re wondering what experts say about paying ransom money to hackers, they don’t support it.  After all, paying a ransom doesn’t necessarily guarantee that access to your data will be restored.  Plus paying a ransom often incites cybercriminals to keeping trying their luck by targeting other organizations. In all cases, if you’ve been the victim of a ransomware attack, you should contact the FBI to report the crime. Their Recovery Asset Team acts as a liaison between law enforcement and banking institutions and will do their best to recover your funds, if possible. 

From that point, the best next step is protecting yourself from future cyberattacks with a company like INKY. Whether you are using Office 365, G-Suite, Microsoft Exchange or another email solution, INKY is the industry’s best solution for the security of your email…and ultimately, your company.  INKY is uniquely effective at catching phishing attacks by searching for signs of fraud other phishing attack software misses. INKY can also detect imposters down to the pixel level. It works on any device and places highly visible warning banners directly in the email – upsetting the well-laid plans of spear phishers everywhere.

Request a demo.

----------------------

INKY® is the emerging hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.

 

1Source: https://pdf.ic3.gov/2019_IC3Report.pdf

2Source: https://pdf.ic3.gov/2018_IC3Report.pdf

3Source: https://thehill.com/policy/cybersecurity/493198-fbi-sees-spike-in-cyber-crime-reports-during-coronavirus-pandemic

4Source: https://pdf.ic3.gov/Ransomware_Trifold_e-version.pdf