What are Social Engineering Attacks and Ransomware
- Social Engineering Attacks — Social engineering covers a wide range of malicious acts. Social engineering attacks rely on human intervention. Bad actors trick users using psychological manipulation to get the users into making mistakes. Mistakes include clicking on spoofed hyperlinks, browsing spoofed websites, or giving away sensitive information. Social engineering attacks and ransomware go hand-in-hand.
- Ransomware — Ransomware is malicious software. It is used by bad actors during illegal money-making campaigns. They rely mostly on social engineering attacks to get users to make the mistake of clicking deceptive links in emails, through instant messaging, or fake websites. Ransomware is considered malware and can spread through a system and inject trojans that can then spread throughout systems in a network. It can encrypt data on any hard drive that it infects. The bad actors then can collect a ransom in trade for a password that will decrypt the data on the drive.
Photo by Cookie the Pom
Prevention and Removal of Ransomware
- Prevention — Since ransomware campaigns rely mainly on human interaction users should be very careful when opening suspicious emails or clicking malicious links. Users should ensure system firewalls are on and use proven antivirus and malware software. And of course, systems should have all the latest updates and backed up on a regular basis. Companies like Kaspersky® offer free and paid Anti-Ransomware products. They offer solutions for the home and for business. It is important to note that social engineering attacks and ransomware are what make up many criminal money-making schemes.
- Removal — Prevention is key, but if a system gets infected with ransomware it requires a software program that can detect it and mitigate it before it delivers it’s payload and infects and install malicious trojans and tools in the system(s). Some ransomware to more difficult than others to detect and remove like the Ryuk Bitcoin Ransomware. There are solutions that can detect ransomware and short-circuit it before it does damage. CrowdStrike, a company that offers the Falcon platform, claims that their solution has the ability to detect and prevent Ryuk. The platform detects behavioral patterns related to the malware attack. CrowdStrike incorporates machine learning techniques to provide additional protection against the malware family. A free trial is available here. Learn more about social engineering attacks and ransomware in this article.
Every User is Responsible for Their Own Actions
As a computer user you are your own last line of defense against social engineering attacks. As a business owner it is your responsibility to implement and maintain a security awareness program. Developing good security awareness habits goes a long ways in preventing social engineering attacks and ransomware.
Here’s some tips that should be remembered and practiced
- If You Don’t Know What a File Is, Don’t Download It — If a file is sent to you in an email ensure you know and trust the sender. Some files are sent as attachment and can be scanned using your anti-virus software before opening. Never forward a file that is not verified safe.
- Email Spoofing is Everywhere — Social engineering attacks and ransomware campaigns work. That’s why spammers and hackers use them. They are after your information so they can take over any accounts that they can. With Email once they have control of your account they will go after your contacts. Even if a known contact sends you a file, if you’re not expecting it check with them and make sure they sent it.
- Don’t Fall for Fake Prizes or Free Cash — These types of Email scams have been around since the inception the Internet. It surprises me that people still fall for these scams in the year 2020. If it’s to good to be true, it’s a scam. Don’t be the sucker who provides the sender with personal information.
- Think Before You Click Links in Emails — Phishing attacks instigated by bad actors incorporate lots of tricks to catch you off guard. The Email may include the word “Urgent” in the subject. The body of the message may create a sense of urgency. Always sit back and think before you click. When in doubt, research the source of the message, or simply delete it. It’s up to you to defend yourself against social engineering attacks and ransomware campaigns.
Don’t Become a Victim!
Ways to prevent social engineering attacks and ransomware
- When using email don’t send any personal or financial information, and don’t respond to requests for such.
- When entering information through a website always check the URL and make sure it begins with “HTTPS://”, the “S” stands for secure. Also the padlock to the left of the URL will be locked (in the closed position).
- Be wary of visits, emails, or phone calls from anyone asking for login information or other personal or company information. Always know who your talking to, before you release any information.
If you ever think that you have become a victim of Identity Theft the first thing you do is to report it to the Federal Trade Commission (FTC). It is easily done by accessing IDENTITYTHEFT.GOV. There you can report the identity theft and get a recovery plan with steps that you need to take. And, always remember to be on the lookout for social engineering attacks and ransomware campaigns.
Companies like Kaspersky® offer free and paid Anti-Ransomware products. They offer solutions for the home and for business.
Featured photo by John Schnobrich