The attack in question is called CEO fraud, and it is increasingly frequent as more teams work remotely from their homes…
💸 A particularly sensitive time
Large companies are targeted for their substantial funds, but smaller companies and startups are easy targets because of their smaller structures. Startups, for example, are targeted because they are often reaching out to investors for financial support, which attackers see as an ideal time for cyberattacks. One attack in particular is ransomware (also known as encryption Trojans or blackmail Trojans).
Remember, network partners can only do so much. Awareness and informed users are the best defence against these evolving threats.
🤖 Cybersecurity tips 101
The National Cyber Security Centre (NCSC) defines ransomware as a family of malware (malicious software) that encrypts data on the victim’s computer and on network shares in order to make the data unusable for the victim. A “locked screen” then appears on the victim’s screen requesting a ransom (often in the form of cryptocurrencies) so that the data can be decrypted.
The characteristics of these attacks:
- Common types of malware include computer viruses, ransomware, worms, trojan horses and spyware.
- Locked screen mentioning encrypted data and requesting a ransom to decrypt it.
- The ransom is often requested in bitcoin (internet currency).
- An expanding type of attack: new, more damaging versions of malware are constantly being developed.
- Uses emails or hacked websites to “infect” devices.
What you can do
It is important to remember that it is almost impossible to prevent fraudulent emails of this kind from being sent. Basic NCSC recommendations are:
- Regularly back up data and store it offline on two separate backups. Cloud-based backups are a good solution, but make sure the provider can’t be infected by malware and that two-factor authentication is activated.
- Consistently update devices’ operating systems and software.
- Install virus protection and a firewall, and keep them updated.
- Be careful with suspicious emails (an email may appear to come from a known colleague but be strange in its content, contain an unexpected request, or come from an unknown sender). When in doubt, do not follow the instructions in the text, do not open any attachments and do not click on any links.
- Some advanced solutions are available that use AI to prevent attacks. Contact EDIFICOM for further information.
If you get infected
- Immediately disconnect the computer from all networks and advise your IT department or relevant contact.
- In all cases, NCSC recommends reporting the case to the local police.
- Refrain from paying the ransom: there is no guarantee you will actually get a decryption key, and it’s better to avoid encouraging such attacks.
- After the attack is over and resolved, make sure to reinstall a clean system and change all passwords.
- Once the computer is clean, you can restore the backup data (if available).
- It can be useful to store encrypted data in case a decryption solution is found.
A few resources for more information
- Stay up to date on the habits to develop for safe online surfing with these recommendations.
- NCSC’s Information security checklist for SMEs and their Security Quick Check tool.
- Block the receipt of dangerous email attachments on your email gateway. A more detailed and updated list can be found on the GovCERT website here.
- nomoreransom.org helps find the right decryption solution depending on the malware type.
- Abuse.ch, a non-profit cybersecurity blog, created the MalwareBazaar platform to collect malware distribution sites.