If You Didn't Think You Were a Target for Hackers Before, Know You Are Now
The cyber threat landscape is always evolving. Gone are the days when hackers were almost exclusively interested in stealing PII (Personally Identifiable Information) or account credentials to sell and/or leverage for theft and future attacks. It takes time and additional effort for them to make a profit that way. The white whales hackers would drool over, like financial institutions, have also tightened up their ships over the years, making a successful hunt for those kinds of fortunes that much harder. And truth be told, hackers don't like hard; the easier the better. Ransomware fortunes are fast, and can be huge, as evidenced by the highly publicized ransoms paid recently in the millions, even topping $10 million.
Are You a Target for Hackers?
The short answer is yes, no matter the industry or the size of the organization. The explosion in ransomware attacks ensures it. From an individual willing to pay a couple hundred dollars to unlock their personal data on a home system, to the multinational multi-billion-dollar conglomerate willing to pay millions because they've been stopped dead in their tracks after somebody in the organization clicked on a ransomware-laden phishing email, hackers know anyone may be willing to pay up. And the more successful attacks are publicized, especially those with multi-million dollar payouts, the more it encourages the behavior. Adding fuel to the fire, there are also cheap kits easily available on the Dark Web making it simple enough for just about anyone to get in on the action.
Double Trouble - Ransomware and Data Exfiltration Combined
As more companies started coming to grips with the scourge of ransomware by getting effective backup plans in order, hackers decided to combine the old with the new. In 2020, over 40 percent of the ransomware variants introduced "into the wild" had a component designed to exfiltrate data as well. This allowed attackers to still hold a victim over a barrel even if the victim decided not to pay the ransom and restored from backups instead.
Take an attack from April of this year. A company named Quanta, a main supplier for Apple products, was hit by a Russia-based ransomware group known as REvil (the same group that netted an $11 million ransom from the meat processing giant JBS in May). The group was demanding a $50 million payment. When Quanta refused to pay to recover their files, REvil demanded the ransom from Apple, letting them know they had also stolen design plans and were going to release them for the world and all of Apple's competitors to see. The group released a few snippets just to prove they did exfiltrate blueprints. Apple has not confirmed if, or how much, they paid, but it’s an agonizing situation for any company to be in. The key is to not get infected in the first place, and since phishing is the most commonly used vector to deliver ransomware, getting awareness raised for everyone in the organization about the perils of phishing emails is vital.
GDF Can Help
GDF can help you get everyone on the same page and raise awareness substantially company-wide with safe, realistic phishing/spear phishing attacks that will put your people to the test. We’ve found there is no greater training tool for this kind of awareness than actually catching some hands in the cookie jar. You’ll get an instant idea of how susceptible your workforce is to these types of social engineering attacks. And they are so realistic, to date we have never failed to get at least one user to bite (and that’s all it can take).
We’ll craft an email that looks legitimate, create a dummy website to look like it is one of your own, and we’ll ask your users for their credentials or other PII, whatever best fits your situation. We’ll send it out to your user email list and in just a few days, we’ll have your results. Armed with this valuable information, your management team can decide on the best approach to shore up the weak links (policy changes, regular training, prominent reminders like posters, PowerPoint presentations, regular testing, etc.). And GDF can help you on those fronts too.
So don’t wait, it’s easy, it’s fast, it’s affordable, and it has never been more necessary than today. Call 1-800-868-8189 and let’s set up a customized, safe and effective phishing/spear phishing test, or fill out the form below today and we'll contact you soon to discuss your phishing/spear phishing/social engineering testing needs. Survive and thrive in today’s dangerous digital world, stop threats like ransomware BEFORE the unthinkable happens.