New Year, Old Threats – Another ransomware attack

New Year, Old Threats | Another ransomware attack, ransomware, cyber attack, phishing attack, phishing email, information security awareness, infosec awareness, inosec, inosecurity, informationsecurity

So, the new year had barely begun, when news of another ransomware attack broke (https://www.bbc.com/news/technology-50972890). This time, a US military base was compromised but there was a very familiar storyline with officials reporting that they believed the ransomware was sent in a malicious email link, clicked by an employee. 

For those of you who are not familiar with this specific type of malicious software, ransomware is designed to block access to a computer system until a sum of money is paid. 
It is designed to scramble or encrypt files on the target system, usually, key system files or valuable data files and the only way to regain access to those files is to pay the attackers some exorbitant amount of money, e.g. for large organisations this can be millions of pounds. And as with other blackmail scenarios, there is no
guarantee that the attackers will provide you with access to your files, once the ransom has been paid. 

It would seem that the attack on the military base used the traditional phishing method to compromise the system, 
i.e. a simple but effective technique of tricking a user into clicking an innocuous link or opening an attachment in an email or voluntarily providing sensitive information. This method of attack, which has been in existence for over 20 years, is still very effective due to lack of awareness or vigilance from users when opening emails.  

The lesson here is to keep providing staff with regular awareness training sessions on the risks attached to incoming emails and tips on how to spot phishing attempts and encourage them to report anything they think could be suspicious. 

Get ahead of the curve! URM Consulting Services is one of the UK’s most trusted training providers in the areas of information security and governance, business continuity, risk management data protection and software asset management.  

If you need any support, please let us know a bit more about your background and how we can help.