Ransomware strikes again... recent strikes show that all industries need to be aware of how to handle the #ransomware threat.
Another threat we commonly know is #phishing, but targeting specific individuals, i.e. spear phishing, is a type with much more focal energy behind the attempted fraudulent contacts.
Ransomware Attacks
The threat of #ransomware within the public sector is one which we are always aware of, particularly following WannaCry and the disaster caused within the NHS' IT and #OT systems. Increased numbers of #ransomware attacks have occurred now within the UK's education sector.
As #ransomware is a type of malware which can make data or systems unusable until the victim makes a payment, during the times we're in now, with high dependency on technology with COVID-19, it can have a significant impact in an education environment.
The world’s biggest meat processing company, JBS, has also fallen victim to a #ransomware attack. JBS, based in Brazil, reported that its computer networks had been hacked and it resulted in operations in other countries also having to be temporarily shut down while rectifying measures were put in place. The FBI is apparently investigating the incident, as well as investigating reports that have come out around the attack originating from a criminal organisation based in Russia.
The NCSC, as well as any good cyber consultant, strongly advises against paying ransom to the cyber criminal: much of the time, the data from your PC won't even be recoverable, even if the ransomer is honest enough to give you the key to unlock your encrypted machine. Back to the perfect case-in-point above: #WannaCry... the coding within the malware didn't allow payments to be linked to the victims, i.e. not providing 'proof of payment' to request a key, and even then, the decryption keys couldn't work to actually fix the damaged files, either.
Phishing Charges
It's good to be reminded that cyber criminals / #phishers do indeed get caught for their wrongdoings and tried for criminal practice.
A woman in the United States has been charged with sending #phishing emails to candidates for political office, according to court documents.
She is accused of going to more extreme measures to trick people, including campaign staff and candidates, into revealing confidential information such as account credentials. What is does show is that #phishers are a dangerous bunch when it comes to fooling people into trusting them and giving away data which need to be kept secure.
#Phishing poses a serious threat: attackers may send out non-targeted emails to many people or #phishers may target specific individuals (known as spear phishing).
The NCSC writes some great advice on how to spot the most obvious signs of a scam, and it's important to keep yourself and your employees up-to-date with the latest threats and have a basic level of cyber security training, in order to reduce the likelihood of falling victim to a cyber incident.
The full NCSC report can be downloaded here as a pdf article.