Last month, one of the largest globally targeted ransomware attacks in history hit the news – taking out the computer systems in England and Scotland, disabling digital records and equipment in their healthcare facilities.
Most businesses are much smaller organizations than the globally-recognized NHS, but we wanted to know – does that make them safe from ransomware attacks? If not, what can be done to protect systems and data? ATAK Interactive reached out to our technology partner, INC Technologies. President Aramis Hernandez gave us a primer on what you need to know.
1. Do you see ransomware attacks with your IT clients?
AH: Fortunately, we don’t see it as much with our existing clients. However, most of our new IT clients arrive at our doorstep because they lacked the proper care and security. The process starts with home or business computers. Usually, these are machines running Windows – since it’s the most popular operating system, and many users don’t keep their computer security and operating systems up to date, making that computer the most likely candidate to be subjected to a phishing attack.
While everyone has learned not to trust email attachments, email links are another story. Think about how many links you click every day – that’s the most common way we see ransomware make its way into a machine. You’re much more likely to click a link, than download an unusual looking file.
2. Tell us some more about that – how does ransomware end up on someone’s machine?
AH: In an email phishing attack, an attacker represents itself as a person or group that you trust, like Paypal or Google. Then you download a file or click a link, and the software will exploit a vulnerability in your computer.
This can also be links posted in other places, too - like social media sites, or search results. The page you end up at exploits a weakness in your browser or your operating system, and installs the ransomware.
3. How do these attacks work?
AH: You’ll turn on your computer and be locked out, and see a message asking you for money to deactivate the software and give you access to your computer. The amounts van be very low – on average, $100 is the unlock ‘cost’. These hackers work on high volume, asking for an amount low enough that it’ll hit your wallet, but you’re unlikely to refuse.
4. How can users protect their systems from ransomware?
AH: This is a case where your best bet is proactive care. Make sure that you’re using the latest operating system, the latest browser, and you’re updating your security and antivirus programs.
In the case of websites, managed hosting is a way to protect your website. This means that your web host maintains your security and backups (Like ATAK’s hosting partner, Zerolag), so that you can leave your security and data to the experts.
Ransomware Takeaways for Small Business
What surprised us most on this call with Aramis was the prevalence of ransomware attacks they see in their support operations. High-profile ransomware attacks give the impression you’re safe if you aren’t a big business, but that is definitely not the case.
The biggest difficulty when it comes to ransomware is that nobody wants to think they’re vulnerable – and nobody wants to admit they were attacked. This is what the hackers are really banking on. Embarrassed computer owners will pay the ransom in order to avoid admitting they were hacked in public.
Recently, the podcast Reply All did an episode about this dimension of phishing attacks, called “What Kind of Idiot Gets Phished?”. After a host’s question about phishing is taken as a personal slight by one of his colleagues, the hosts experiment with phishing, and discover how easy it can be to fall for it, and how personal that deception can feel.
The personal dimension to ransomware is why it’s critical to have IT help that you can trust, before you find yourself wanting to hide an embarrassing situation.
The second interesting point in what Aramis told us was how often a phishing attack is a link, instead of a file. It often feels harmless to click a link in an email that’s unusual, or an email that you open while in a rush. This mistake can really hit you in the wallet.
Using an extra layer of browser security can help defend your accounts from phishing attacks. Enabling your firewall’s browser protections, and using a Chrome extension like Google’s Password Alert can keep your passwords safe.
The last line of defense, though, is personal judgment and patience. When you’re sent a link you aren’t sure about, investigate before you click it. Learn to identify common phishing URL tricks that are used to make a scam URL look legit:
- Unicode tricks, like using Cyrillic characters to make a URL look like it belongs to another company: аррӏе.com is using cyrillic characters to look like apple.com - the second URL is the real one!
- Fake URLs in an email. The typed link looks valid, like “google.com”, but if you hover over the link, you can see that the website you’re actually being sent to is something else.
- Misleading URLs in an email. This was how the Gimlet Media team fell for a phishing attack in the podcast episode linked above. “Gimlet” and “Girnlet” look similar enough to work.
- Fake login pages. These are very popular. Be very wary about giving your login details for Google, Dropbox, and banking sites on pages you were linked to in an email or IM. When in doubt, type in the address of the real thing to log in.