The Ransomware & Phishing / Spear Phishing Connection

Stop Phishing / Spear Phishing Attacks to Combat Ransomware


One of the greatest threats to organizations is ransomware, especially when coupled with the most successful attack vector available to aspiring attackers: targeting the human element. It’s the easiest way to bypass even the most robust security measures. It’s easy, it’s cheap and massively successful, making it an ROI winner for hackers all over the planet, and they do thrive on the path of least resistance.

Global Digital Forensics (GDF) can help shift the balance of power from them, back to you!

Phishing and spear phishing attacks are the stars when it comes to bypassing cybersecurity measures through the weakest link in the chain – human users.

All it takes is one user to bite the lure for a horrific cyber event to unfold.

It’s also how the vast majority of ransomware attacks get their foot in the door. A user clicks on a fake link, or opens an infected attachment, and the payload is delivered. Ransomware can immediately start encrypting everything it can access, from a user’s laptop or phone at home, to the company server, and to the cloud storage and backup services. Whatever the user could access, the ransomware can access, including other users who can then give it access to even higher privileges.

Make no mistake about it. If a ransomware attack is successful, you are at the mercy of one of two things: you either restore your systems from a clean backup (assuming you still have one), or you pay and pray the attacker holds up their end of the deal and gives you the decryption key to release all your data. Trying to decrypt is a fool’s errand. It could take a couple hundred thousand years to crack the encryption code with today’s encryption algorithms. It’s worse than trying to decrypt an Apple iPhone without any help from Apple (ask the FBI how well that works).

To add insult to injury, if you pay the ransom, the federal government could now be coming after you too, for money laundering, abetting terrorists, violations of international sanctions and more. Just take a look at this Department of the Treasury Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments from October 1, 2020.

To beat ransomware you really have to stop it before the fact, not after. 

Phishing/Spear Phishing Awareness Testing

At GDF, we understand you have a lot on your plate these days. But just imagine how much more would be on your plate if you couldn’t access any of your data, systems or digital services today, and tomorrow, and the day after that, and after that. One successful phishing/spear phishing social engineering attack could bring that reality to fruition. To beat these threats, everyone in the organization has to know what to look for, and how to respond should they receive a phishing/spear phishing email, or any other kind of social engineering attack.

GDF can help you get everyone on the same page and raise awareness substantially company-wide with safe, realistic phishing/spear phishing attacks that will put your people to the test. We’ve found there is no greater training tool for this kind of awareness than actually catching some hands in the cookie jar. You’ll get an instant idea of how susceptible your workforce is to these types of social engineering attacks. And they are so realistic, to date we have never failed to get at least one user to bite (and that’s all it can take).

We’ll craft an email that looks legitimate, create a dummy website to look like it is one of your own, and we’ll ask your users for their credentials or other PII, whatever best fits your situation. We’ll send it out to your user email list and in just a few days, we’ll have your results. Armed with this valuable information, your management team can decide on the best approach to shore up the weak links (policy changes, regular training, prominent reminders like posters, PowerPoint presentations, regular testing, etc.). And GDF can help you on those fronts too.

So don’t wait. It’s easy, it’s fast, it’s affordable, and it has never been more necessary than today. Call 1-800-868-8189 and let’s set up a customized, safe and effective phishing/spear phishing test. Survive and thrive in today’s dangerous digital world, and stop threats like ransomware BEFORE the unthinkable happens.


So what is Phishing/Spear Phishing?


Phishing: Phishing is the next step in the evolution of spam and it’s all about deception. It is also based on a “mass-blast” concept, but uses the ploy of masquerading as a familiar and/or popular site, like eBay, PayPal, Facebook or any one of hundreds of other sites familiar to large swaths of the population. A phishing email will, for instance, inform the recipient they need to update their account information and direct the victim to a bogus site which looks a lot like the real thing. A good phishing attack will also “spoof” the header information to make it look like it comes from a trusted source.

Spear Phishing: This is a more extreme version of phishing, one which requires a lot more effort, but offers intruders chances for enormous rewards. Spear phishing is all about personal touches, touches which better connect with the targeted individual or organization. A successful spear phishing email will be built around three important criteria. First, a spear phishing email has to look like it comes from a trusted source, usually someone familiar to an individual or organization, or even from within the organization itself. Second, there has to be some kind of information in the email which reinforces its validity, and third, it has to make enough sense that it seems reasonable to follow a link or open an attachment. The more research a hacker puts into it, the craftier and harder to distinguish from the real thing it becomes.
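Both definitions above rely on a message that appears to come from a trusted source, and spoofed header information usually leaves traces a mail filter or analyst can check. The following is an added example, not GDF's own tooling: the function names, the sample message and every domain in it are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; all names and domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=bank.example
From: "Example Bank" <service@bank.example>
Reply-To: accounts@bank-support.example.net
To: user@example.org
Subject: Please update your account information

Your account needs attention.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b):
    """Simplified alignment: equal, or one is a subdomain of the other.
    Real DMARC alignment compares organizational domains (Public Suffix List)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def spoofing_indicators(raw):
    """List header-level signs that the visible sender is not the real one."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    # The envelope sender and the reply address should belong to the From domain.
    for header, label in (("Return-Path", "return-path"), ("Reply-To", "reply-to")):
        dom = domain_of(msg[header])
        if dom and not aligned(dom, from_dom):
            findings.append(f"{label}-mismatch")
    # Only trust Authentication-Results stamped by your own receiving server;
    # a sender can insert forged copies of this header.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth, re.I)
        if m and m.group(1).lower() in ("fail", "softfail"):
            findings.append(f"{mech}-{m.group(1).lower()}")
    return findings

if __name__ == "__main__":
    print(spoofing_indicators(SAMPLE))
```

A message with no findings is not proven safe: a look-alike domain that the sender actually controls passes every one of these checks, which is why user awareness still matters.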

