Ransomware evolves, attacking continues to be on the rise, and companies are scrambling to add technical safeguards, policy-level protection and employee education to fight the threat.
Like most cyber-threats, ransomware is evolving in sophistication, and one of the latest techniques, known as spear phishing, is on the rise.
Up until recently, ransomware tended by launched through emails sent indiscriminately — essentially, infected spam. But instead of trying to convince the recipient to buy something, ransomware emails masqueraded as routine business emails (the most famous is a bogus UPS tracking email), and the links or attachments contained the malware.
This latest approach is more targeted. The emails are spoofed to appear to be coming from a trusted sender (often a principal within the company). In some cases, the approach is even more layered. An email asks for a response, and then the recipient responds. The next message contains the infection as part of an email thread the recipient seems to trust.
This all underscores the need for multi-layered defense against ransomware, consisting of technical tools, policy-level controls, employee education and a plan for rapid recovery in case of infections.
Clare Computer Solutions is offering on-site training to selected companies in the San Francisco Bay Area. They provide information on technologies that can help prevent ransomware or detect it very early, as well as a process for post-infection recovery. In addition, they provide user training to educate network users on how to be better prepared to spot suspicious emails, whether they are obvious or not.
To learn more and request ransomware training for your company, see https://www.clarecomputer.com/resources/events/ransomware-survival-guide/