If you look at all of the security-related headlines from the past year, what do you think the biggest trend is? Perhaps it was the plethora of large-scale ransomware campaigns that struck both individuals and businesses in spades. Even now, ransomware continues to make headlines by changing its tactics, with one of the more recent ones being in regards to fake ransomware.
Hackers are finding that it doesn’t matter if they actually breach someone else’s system with ransomware; there is a pretty decent chance of them making a quick buck if the user simply thinks they have been infected by ransomware. The fear created by a ransomware attack can make victims act in irrational ways. Panic doesn’t make the problem any better, so we always encourage anyone who suspects they are in this position to follow any established procedures, like contacting your IT department.
Unfortunately, it is often difficult to gauge how you might react to a threat like ransomware when under duress. As much as you want to believe you are doing the right thing, it’s not always clear what the right thing is—especially in terms of cyberthreats like ransomware. Generally speaking, it is best to reach out to your IT department or trusted IT resource, whether it is an internal department or a managed service provider you contract with.
The reason you do this is because it is not always clear how bad the attack is, or if there is even an attack at all. Hackers are often able to pull off fake scams simply due to the fear they create with their scare tactics. They might use language that suggests they have infected your systems if they do not receive a ransom payment.
If you look at it from a different perspective, you can see why this might be troublesome. Another way hackers can take advantage of fear is by attempting blackmail through, say, an email claiming that they have caught you red-handed doing something incriminating. In cases like this, there might be an attachment to the email. You have a couple of options: download the image to see if it’s really you, pay the ransom on the off-chance they actually have found some dirt on you, or contact your IT department first. If you don’t get IT involved, you might accidentally download a threat to your device, or you might pay a ransom for no reason at all.
Fake ransomware attacks can demand lower fees compared to the real deal, and people will pay the ransom simply out of fear that they have been compromised. Hackers can also send attachments claiming to have it be the decryption key, only to have it install other threats on your infrastructure. Whether they are real ransomware attacks or not, it’s safe to say that ransomware attacks are still problematic.
You should always involve your IT department when ransomware of any type is involved. If you don’t have a go-to resource for your IT needs, then Nexela wants to be that resource. We can protect your infrastructure and offer consultation on how to prevent ransomware from sinking your business.
To learn more, contact us at (215) 525-3223.