Cybercrime: Common Attacks and Defenses5 min read
September 1, 2024This is the first in a series of articles discussing common cybercrime attacks and methods to protect against them.
Ransomware and Phishing
Cybercrime is estimated to cost the world up to $10.5 Trillion in 2025. Cybercriminals leverage a wide range of attacks against their victims. Attacks may include the planting of malicious code to take control of devices and capture personal data, credit card numbers, usernames and passwords, and other sensitive personally identifiable information (PII). Cybercrime impacts large enterprise institutions, hospitals, and individuals alike.
In this introductory article, we’ll discuss ransomware, one of the most common forms of cybercrime that inflicts significant damage worldwide, and we’ll offer some steps to help protect you against attacks.
What is Ransomware?
Ransomware attacks involve the attacker delivering and executing a malicious software program on the victim’s system. Per the CISA,
Ransomware identifies the drives on an infected system and begins to encrypt the files within each drive. Ransomware generally adds an extension to the encrypted files, such as .aaa, .micro, .encrypted, .ttt, .xyz, .zzz, .locky, .crypt, .cryptolocker, .vault, or .petya, to show that the files have been encrypted—the file extension used is unique to the ransomware type.
Once the ransomware has completed file encryption, it creates and displays a file or files containing instructions on how the victim can pay the ransom. If the victim pays the ransom, the threat actor may provide a cryptographic key that the victim can use to unlock the files, making them accessible.
US National Cybersecurity & Infrastructure Security Agency
While “phishing” is often used in other attacks, such as tricking users into entering sensitive, personally identifiable information (PII) and payment data, it is also used by ransomware attackers to deliver and stealthily install their ransomware. Typically, the cybercriminal will send an email to the victim that appears to be from a legitimate source, appealing to the emotions of fear and greed. Thinking the email is legitimate, the victim clicks a malicious link or attachment in the body of the email itself, which the attacker uses to download and install their ransomware on the victim’s device. At this point, the cybercriminal has what they need to extort their victim.
How Can I Protect Myself from Ransomware Attacks?
There are a few things users can do to mitigate the risk of falling victim to phishing and ransomware attacks:
- Be vigilant. Do not click on any email links or attachments unless you are absolutely sure the sender is legitimate. Carefully inspect the sender’s email address and the target URLs of links or buttons before clicking on them. Many phishing emails look real, mimicking actual emails from well-known organizations, institutions, banks, etc. Access reputable organizations directly through their own websites by typing their URL into your browser. Watch the spelling of the URL carefully, as some attackers will use common misspellings for their URLs.
- Back up your device regularly. Use a combination of offline and cloud backups. In the event of an attack, you don’t want to depend on a connected external hard drive, as this could also get infected. It is worthwhile to maintain at least two external hard drives for backups that you rotate every week or two. Disconnect the external hard drives after taking backups. In the event of a ransomware attack, you can restore your data from an external hard drive.
- Keep your Systems Updated. Bad actors are looking for vulnerabilities in systems. Operating systems and other software services should be kept up to date with the latest security patches.
- Use Preventative Services. Firewalls and anti-virus services can help reduce exposure to ransomware and malicious viruses.
- Educate Yourself and Your Organization. Research ransomware and cyber-attacks. As the saying goes, knowledge is power. The more you know about your attackers and how they prey on their victims, the better prepared you will be to defend against their attacks.
What Should I Do if Attacked?
Report Attacks. CISA recommends the following steps in response to ransomware attacks:
- Follow the Ransomware Response Checklist on p. 11 of the CISA-MS-ISAC Joint Ransomware Guide.
US National Cybersecurity & Infrastructure Security Agency
- Scan your backups. If possible, scan your backup data with an antivirus program to check that it is free of malware.
- If your device is infected with ransomware, then you can take action:
- Home users: immediately contact your local FBI office or local U.S. Secret Service office to request assistance.
- Organizations: immediately report ransomware incidents to your IT helpdesk or security office.
- All users: change all system passwords once the ransomware has been removed. You can submit ransomware files to CISA for analysis via https://www.malware.us-cert.gov/MalwareSubmission/pages/submission.jsf. (See Choosing and Protecting and Passwords and Supplementing Passwords.)
Ransomware attacks will continue to target victims around the globe. It is important to remain vigilant and educated about vulnerabilities and defense strategies to mitigate your risk of falling victim to these attacks.
Protecting yourself and your data requires vigilance and proactive measures. By understanding the dangers to which you may be subjected, you can take proactive measures that significantly reduce your risk of falling victim to cyber threats. Remember, your online safety is in your hands. Stay informed, stay cautious, and you’ll be able to enjoy the benefits of internet interaction without compromising your security.
If you found this guide helpful, consider sharing it with your friends and family. For more tips and updates on how to keep your digital property secure, contact us for a free consultation, and let us show you how to stay vigilant and defend yourself from internet predators.