What does a ransomware attack look like?

Thanks to the disruptive, highly publicized large-scale attacks of the past few years, most people are familiar with the concept of ransomware. First, a hacker encrypts your computer or cloud server and then baits you into paying for the decryption key that lets you access your files.

But although almost everyone knows what ransomware does, few are aware of how hackers get access to computers and servers in the first place. Here’s a real-life example of what to look for, taken from a client of ours who successfully thwarted the attack.

A Textbook Ransomware Exploit in Three Simple Steps

If your employees aren’t careful, hackers can deceive them and have your data in their hands in mere minutes. This is how our client’s ransomware attack attempt went:

  • Someone called the office’s main number and reached a receptionist. This person asked who the company’s IT vendor is and then hung up quickly thereafter.
  • Later that day, someone claiming to be a DME employee called and asked the same receptionist to open a remote session “in order to fix a critical security vulnerability”.
  • The receptionist rightly thought this was suspicious, and called DME to verify the request. Naturally, nobody had called that day and there was no report of any critical security vulnerability to fix.

We understood immediately that this was an attempt at a ransomware attack. As a managed network provider, we don’t need to call individual employees and ask for remote access. We use a secure trouble ticketing system that ensures our clients’ requests and communications remain protected against suspicious activity.

If that receptionist had given the unknown caller remote access to a company computer, the caller would have had a treasure trove of confidential data to work with. It doesn’t matter that the receptionist’s computer doesn’t have privileged access to company finances. With complete copies of interoffice email correspondence and the contact information for every employee in the company, it would only be a matter of time until the hacker gained total access.

Protect Your Business by Following These Simple Steps

In this case, a healthy dose of suspicion saved one of our clients from a costly and embarrassing experience. Even if the ransom amount itself is low, the whole office would have to deal with downtime and the company would have to live with the threat that some anonymous hacker can shake it down whenever he needs some cash.

Fortunately, you can keep your business safe and secure by instructing your employees to follow these rules:

  • Never Disclose Confidential Information. Be sure to instruct all employees what constitutes confidential data. Nobody needs to know what IT vendor you use, the names or contact information of company executives, or any details concerning network services. When in doubt, always err on the side of caution.
  • Verify Remote Access Attempts. Never assist anyone with remote access to a company computer without verifying the attempt. Every employee must be absolutely certain that the request is coming from a legitimate source.
  • Have a Strong Password Policy. Strong passwords are long and complicated. Make sure your employees understand the difference between a good and a bad password and can memorize their own. Regularly update passwords and employee permissions so that you don’t leave holes in your defenses. Make sure employees know never to give out passwords under any circumstances – not even to us or to you.
  • Invest in Education. Cybersecurity is a constantly evolving discipline. Today’s biggest threats are completely different than those of just a few short years ago. Similarly, you will be dealing with far more sophisticated hacking attempts in the future, so keep your employees regularly informed of cybersecurity best practices.

In many cases, hackers take advantage of uninformed employees who can be tricked into believing that IT vendors need their passwords. In other cases, hackers may impersonate C-suite executives and try to intimidate using executive authority, telling entry-level employees that their jobs depend on sending sensitive data to them right now.

In both cases, employees need to take time to think about unusual requests. Ultimately, annoying the CEO by asking a supervisor for verification is not nearly as bad as losing millions of dollars of company money through blind trust.

Do you have suspicious behavior to report? Contact us and one of our cybersecurity experts will assess the situation for you.