Ransomware is becoming more successful than ever due to a combination of factors that allow cyber criminals to easily access corporate networks—and because a significant number of victimized organizations are willing to pay up. Indeed, a new report from BAE Systems warns that the “perfect storm” of conditions have come together and allowed ransomware attacks to run rampant against all kinds of organizations big and small. 

The perfect conditions

• It’s getting easier and easier for criminals to acquire and distribute ransomware.
• The COVID-19 pandemic has provided a lot of cover for social engineers to gain entry to networks.
• Perhaps the top issue is the way in which corporate victims of ransomware are paying.  This encourages cyber criminals to pursue the line of attack and normalizes the act of giving into the ransom demands. The result is an unfortunate loop, experts say; the more organizations that pay a ransom, the more acceptable the notion of paying to solve the problem becomes.  And the relatively new option of claiming ransom losses via cyber insurance further encourages payments.

What you can do

In most cases, the root cause of a successful ransomware attack is an employee falling for a social engineering gambit, usually spearphishing.  So there are steps you can take to avoid being part of the problem:

• Be skeptical of links you receive via email
• Emails from a trusted source can be faked, look closely
• Never divulge your network login as a result of an email request
• Anytime an email, text message, or phone call asks you to do something that just doesn’t feel right, trust your instinct and double-check with your manager.
• Think carefully about clicking to follow social media links at work, these can potentially download malicious software.

© National Security Institute, Inc.