There are new developments on the cyber-attack front every day. New forms of social engineering, malware, viruses, and cyber-attacks are being developed faster than we can comprehend. Cyber-criminal enterprises have learned that data is as valuable to business as physical assets. Stealing from or disrupting business operations is lucrative and relatively risk-free. In the murky world of the darknet, criminal enterprises conspire to find ways to steal anonymously.
Brad Chacos, senior editor for PC World, describes it best. “There’s a place lurking beneath the Internet you use every day. It’s a hidden underbelly, home to both rogues and political activists, and accessed only with the help of specially designed anonymizing software. It’s a secretive and dangerous place, where a lot of illicit, underground nastiness occurs. There, you’ll find a society that lurks intentionally in the blind spots of search engines. Some call it the “Darknet.”
“Darknets deliberately hide from the prying eyes of the searchable Web. They cloak themselves in obscurity with specialized software that guarantees encryption and anonymity between users, as well as protocols or domains that the average webizen will never stumble across. Darknets are small niches of the “Deep Web,” which is itself a catch-all term for the assorted Net-connected stuff that isn’t discoverable by the major search engines.”
The criminal activity spawned on the Darknets has become a real and present threat to businesses of all sizes. Possibly the greatest threat of 2017 is a criminal enterprise called “ransomware as a service (RaaS)". Unlike many of the cyber-criminal activities that focus on stealing, ransomware is a digital extortion based exploit. Ransomware is software that encrypts the files contained on a computer or network and demands that the victim pay a price to regain access. It is typically distributed via email. One click and the virus is launched. A screen pops up with a countdown timer, encrypts all of your files, and instructs you to pay a ransom to unlock your files. Your ransom must be paid via untraceable bitcoins. If you don’t pay your files are destroyed forever. Even if you pay there is no guarantee that your files will be unlocked. Remember, if your computer is connected to your network the virus will seek out every device on the network. For information on what to do if you are attacked with a ransomware virus see my blog at “Ransomware Attack!”
Until recently, creating ransomware malware could only be accomplished by skilled coders with specific knowledge. However, due to recent developments within the on-line criminal underworld, ransomware is now available to anyone with malicious intent. Simply put, anyone can now go on-line and purchase packaged ransomware to exploit innocent victims.
This new development is called, “Ransomware as a Service,” and it’s a game changer. Ransomware as a Service puts ransomware code into the hands of virtually anyone that wants to exploit a helpless victim putting every business large or small in a compromising position.
Most ransomware is distributed through malicious websites or email attachments. The preferred method of attack is through email attachments. Human error is the number one reason attacks are successful. 90% of phishing attacks rely on human error to spread malware. One click and they are in. Most companies in the U.S. have no form of training for their employees. This makes life easy and profitable for hackers.
So, what should every company do to protect themselves? The answer is actually pretty simple. The Tek has created a 5 Step Cybersecurity plan specifically designed for any business that is affordable and secure.
Click below to learn more and download the 5 Step Cybersecurity Plan.