A couple years ago, the FBI warned that ransomware was the fastest-growing malware threat, targeting users of all types. One reason ransomware is so appealing to criminals is how easily it can be spread to victims.
In most cases, a botnet sends out millions of malicious emails to potential victims in a matter of minutes. The phishing emails are usually pretty generic and can be used to target most anyone.
But there’s a big change in the way ransomware is being delivered now. And it could end up costing you big time.
Ransomware scammers changing things up
So how are crooks spreading ransomware now? They’re making malicious messages more personal, with spear-phishing emails.
If you’re unfamiliar with ransomware and what it does, you should know that this is not your average malware infection. When a device is infected with this particular type of malware, you lose access to critical files.
Once the victim’s computer, laptop, smartphone or tablet is infected, they basically have only two options: Pay the ransom to receive the decryption code, or lose access to everything stored on their hard drive.
The FBI always tells people to never pay the ransom. Since we’re dealing with unethical criminals to begin with, there’s no guarantee they’ll give you back access to your data even if you pay up.
Ransom fees aren’t cheap either. FBI reports show the average attack costs an individual victim hundreds of dollars. For businesses, that number can be much higher. Which is why crooks have started incorporating spear-phishing into ransomware attacks.
Spear-phishing is a form of targeted email scam aimed specifically at an individual or organization.
By sending out carefully crafted phishing emails with identifiable personal or corporate information, the attackers make it appear that the messages are coming from legitimate and trusted sources. That makes it more likely an employee will click on a malicious link or document inside the email.
A successful spear-phishing campaign on a business can reel-in more money for the scammer than a traditional ransomware infection of an everyday Joe. The theory is a company would be more willing to shell out big bucks to recover important files than an individual would.
Defending against spear phishing and ransomware attacks
Be cautious with links
Do not follow web links in unsolicited email messages, it could be a phishing attack. If you need to contact a business or website, make sure to type the web address directly into your browser. This way, you know you’re not clicking on a malicious link that could lead to a spoofed site and stolen data.
Set up two-factor authentication
Two-factor authentication (2FA) means that to log in to your account, you need two ways to prove you are who you say you are. This adds an extra layer of security and should be used whenever a site makes it available. Click here to learn how to set up two-factor authentication.
Use unique passwords
Many people use the same password for multiple websites. This is a terrible idea. If your credentials are stolen from one site and you use the same username and/or password on others, it’s easy for the cybercriminal to get into each account. Tap or click here for new ways to come up with secure passwords.
Back up your critical files
With our sponsor, IDrive, you can back up all your PCs, Macs and mobile devices into ONE account for one low cost!
Go to IDrive.com and use promo code, Kim, to save 90% on 5 TB of cloud backup now! That’s less than $7 for the first year!