Ransomware Extortion Attacks Continue to Rise in Frequency as Ransom Payments Decrease by 40%

Ransomware is having a very odd second quarter of the year as new variants enter the game, governments finally take notice, and insurers tighten their underwriting requirements.

Every quarter I make certain to cover Coveware’s Quarterly Ransomware Report, as it provides great insight into the current state of attacks, ransoms, variants, and more. But Coveware’s latest report, covering Q2 2021, strikes a somewhat different tone.

In the report, we see a sharp downturn in the average ransom payment: a little over $136K, down 38% from Q1 of this year. And yet the percentage of ransomware attacks threatening to leak exfiltrated data increased by 5% this quarter, to 81%.

This is counterintuitive: why would payments go down while threats (which should yield higher payments) increase?

It may have something to do with some of the other points covered in the Coveware article:

  • Four new ransomware variants slipped into the top 10 list, pushing out old players. (When you think of ransomware as a “business”, new entrants sometimes undercut the competition to establish themselves. Could that be it?)
  • REvil ransomware – which was behind some of the highest-profile attacks last quarter – seems to have disappeared. (This could be due to the increasing involvement of governments – including our own – which are taking notice of the implications and beginning to put pressure on foreign governments to stop these cybercriminal gangs.)
  • The attacks on critical infrastructure have woken up CEOs, who are now paying attention to the realities of modern ransomware attacks and their impact, and are willing to spend whatever it takes to avoid becoming a victim.

Whatever the reason for the lower ransom payments, the Coveware data still suggests that businesses of every size remain under attack and should protect themselves against the three primary initial attack vectors: software vulnerabilities (hint: time to get vulnerability management in high gear), remote access via RDP (shut it down, or at least take it off the internet, and get a proper remote access solution), and phishing (educate your users with Security Awareness Training so they don’t fall prey to malicious email content).

READ MORE

Cybercriminals Are Growing More Organized

The cybercriminal underground is becoming increasingly organized, according to researchers at HP. The criminal underground functions like a regular economy, with people selling goods and services such as phishing kits, malware, and access to compromised networks. As a result, the barrier to entry is lower, since unskilled criminals can buy the capabilities that previously kept them out of cybercrime.

HP’s report shared the following findings:

  • “75% of malware detected was delivered via email, while web downloads were responsible for the remaining 25%. Threats downloaded using web browsers rose by 24%, partially driven by users downloading hacking tools and cryptocurrency mining software.
  • “The most common email phishing lures were invoices and business transactions (49%), while 15% were replies to intercepted email threads. Phishing lures mentioning COVID-19 made up less than 1%, dropping by 77% from H2 2020 to H1 2021.
  • “The most common type of malicious attachments were archive files (29%), spreadsheets (23%), documents (19%), and executable files (19%). Unusual archive file types – such as JAR (Java Archive files) – are being used to avoid detection and scanning tools, and install malware that’s easily obtained in underground marketplaces.
  • “The report found 34% of malware captured was previously unknown, a 4% drop from H2 2020.
  • “A 24% increase in malware that exploits CVE-2017-11882, a memory corruption vulnerability commonly used to exploit Microsoft Office or Microsoft WordPad and carry out fileless attacks.”
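The HP findings above turn on one practical point: the attachments doing the damage (JARs, macro-enabled spreadsheets, legacy Office documents that can carry an Equation Editor object) are all containers whose real type is visible in the first bytes and the archive listing, regardless of the file name. The following triage routine is an added example, not code from HP or KnowBe4; the attachments it inspects are constructed in memory, the policy table is an assumed mail-gateway policy, and the point is that the verdict is driven by content, not by the extension the sender chose.

```python
"""Content-based attachment triage (added example, constructed sample data).

A JAR is a ZIP containing META-INF/MANIFEST.MF; an OOXML document is a ZIP
containing [Content_Types].xml, and a macro-enabled one also carries
vbaProject.bin; legacy .doc/.xls files are OLE Compound Files; Windows
executables start with 'MZ'. None of this depends on the file name.
"""
import io
import zipfile
from typing import Dict, Tuple

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # Compound File (legacy Office)


def _zip_with(members: Dict[str, object]) -> bytes:
    """Build an in-memory ZIP container; used only to construct sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


JAR_BYTES = _zip_with({"META-INF/MANIFEST.MF": "Main-Class: Loader\n",
                       "Loader.class": b"\xca\xfe\xba\xbe"})

# Constructed sample attachments: displayed file name -> bytes.
SAMPLES: Dict[str, bytes] = {
    "invoice_4411.jar": JAR_BYTES,
    "report.zip": JAR_BYTES,                       # a JAR renamed to look like a plain archive
    "Invoice.xlsm": _zip_with({"[Content_Types].xml": "<Types/>",
                               "xl/workbook.xml": "<workbook/>",
                               "xl/vbaProject.bin": b"\x00" * 16}),
    "Statement.docx": _zip_with({"[Content_Types].xml": "<Types/>",
                                 "word/document.xml": "<document/>"}),
    "quote.doc": OLE_MAGIC + b"\x00" * 24,
    "payment.pdf.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "photo.zip": _zip_with({"photo.jpg": b"\xff\xd8\xff\xe0"}),
}

# Assumed gateway policy for each content type.
POLICY = {"executable": "block", "jar": "block", "office-macro": "quarantine",
          "corrupt-archive": "quarantine", "ole-document": "sandbox",
          "archive": "scan", "office-document": "allow", "other": "scan"}

# Extensions a given content type is allowed to carry; anything else is a mismatch.
EXPECTED_EXT = {"jar": {"jar"}, "executable": {"exe", "dll", "scr"},
                "ole-document": {"doc", "xls", "ppt", "msg"},
                "office-macro": {"docm", "xlsm", "pptm"},
                "office-document": {"docx", "xlsx", "pptx"}, "archive": {"zip"}}


def classify(data: bytes) -> str:
    """Return the content type derived from magic bytes and archive members."""
    head = data[:8]
    if head.startswith(b"MZ"):
        return "executable"
    if head.startswith(OLE_MAGIC):
        return "ole-document"
    if head.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = set(zf.namelist())
        except zipfile.BadZipFile:
            return "corrupt-archive"
        if "META-INF/MANIFEST.MF" in members:
            return "jar"
        if "[Content_Types].xml" in members:
            if any(m.endswith("vbaProject.bin") for m in members):
                return "office-macro"
            return "office-document"
        return "archive"
    return "other"


def triage(name: str, data: bytes) -> Tuple[str, str, str]:
    """Return (content type, verdict, note); the note flags a misleading extension."""
    kind = classify(data)
    ext = name.lower().rsplit(".", 1)[-1]
    note = "extension-mismatch" if ext not in EXPECTED_EXT.get(kind, {ext}) else ""
    return kind, POLICY[kind], note


def triage_all(samples: Dict[str, bytes]) -> Dict[str, Tuple[str, str, str]]:
    return {name: triage(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, (kind, verdict, note) in triage_all(SAMPLES).items():
        print(f"{name:18} {kind:16} {verdict:10} {note}")
```

The renamed JAR (`report.zip`) is the case worth noticing: an extension-based rule would scan it as an ordinary archive, while the manifest check blocks it and records the mismatch for the analyst.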

The researchers also observed a “résumé-themed malicious spam campaign targeted shipping, maritime, logistics and related companies in seven countries (Chile, Japan, UK, Pakistan, US, Italy and the Philippines), exploiting a Microsoft Office vulnerability to deploy the commercially-available Remcos RAT and gain backdoor access to infected computers.”

Alex Holland, a Senior Malware Analyst at HP, stated that criminals continue to rely on phishing to gain initial access because it works so well.

“Cybercriminals are bypassing detection tools with ease by simply tweaking their techniques,” Holland said. “We saw a surge in malware distributed via uncommon file types like JAR files – likely used to reduce the chances of being detected by anti-malware scanners. The same old phishing tricks are reeling in victims, with transaction-themed lures convincing users to click on malicious attachments, links, and web pages.”

New-school security awareness training can give your organization an essential layer of defense by enabling your employees to spot phishing attacks that slip past your technical defenses.

READ MORE

WhatsApp Phishing Scams Significantly Increase

The Southwark Police in London have warned of a spike in WhatsApp phishing scams, according to Paul Ducklin at Naked Security. The station tweeted, “We have seen a surge in WhatsApp accounts being hacked, if you are sent a text from WhatsApp with a code on it, don’t share the code with ANYONE no matter who’s asking, or the reason why.”

Ducklin notes that users of WhatsApp and similar messaging services are more likely to view messages as trustworthy, since they appear to be coming from an acquaintance.

“Closed-group instant messaging and social media communities don’t suffer from spam in the same way that your email account does, because you can set up your account so that only approved contacts such as friends and family can message you in the first place,” Ducklin writes. “That means, however, that you’re more inclined to trust messages and web links that you do receive, because they generally come from someone you know.”

Ducklin adds that users should be suspicious of unsolicited or strange messages from contacts, especially if the messages sound urgent or try to get you to click on a link.

“Never trust messages simply because they come from a friend’s account,” he says. “Just as importantly, if a weird message from a friend’s account makes you think they’ve been hacked, don’t message them back via the same service to warn them. If you’re right, your real friend will never see the warning, and you will have tipped off the crooks that you are onto them. Contact your friend some other way instead.”

Two-factor authentication (2FA) is an essential layer of defense, but Ducklin stresses that attackers can still bypass this measure via social engineering.

“If you’ve turned on 2FA on your various accounts, good for you,” he writes. “It’s not a silver bullet, so it can’t guarantee that your account won’t get hacked, but it does make things harder for the crooks. Don’t play the ball back into their court by sharing those secret codes with other people, no matter how convincing their story sounds.”

New-school security awareness training can teach your employees to follow security best practices so they can avoid falling for these attacks.

READ MORE

[HEADS UP] Over 400% Increase in Ransomware Victims

According to a recent report by OODA Loop, “Mandiant claims to have detected a 422% increase in victim organizations announced by ransomware groups via their leak sites year-on-year between the first quarter of 2020 and Q1 2021.”

In research recently conducted by Talion, three-quarters of consumers and security professionals want ransom payments to be prohibited, because the number of victims keeps rising with no end to these attacks in sight.

Mandiant also found that the more than 600 European organizations among the victims were spread across many different industries.

As more attacks occur and more money is demanded, ransom payments have become a controversial subject. We recently reported that the average ransom amount has risen to $170,000, up from an $80,000 average in 2019.

Security professionals also blame cyber insurance, arguing that it only encourages further attacks with no repercussions. It is highly recommended to run frequent phishing tests and new-school security awareness training so your organization does not become the next victim.

OODA Loop has the full story.

READ MORE

Tax Organizations Need to Focus on Cybersecurity

Tax preparation companies and tax agencies are increasingly facing scams, fraud, and other attacks, according to Robert Capps, Vice President of Marketplace Innovation at NuData Security. On the CyberWire’s Hacking Humans podcast, Capps explained that the digitization of taxes has increased the need for tax organizations to focus on cybersecurity.

“If you’re dealing with an agency, a physical organization that is processing your taxes, you drop off the packet, they hand you your taxes, and then you sign, and they get mailed in or even electronically delivered on your behalf – those organizations really need to be taking security into account,” Capps said. “Where taxes, you know, more than a decade ago were all on paper, tax return fraud was the result of breaking into someone’s office and stealing boxes of paperwork. Now that’s all digital. And so whoever’s preparing your taxes or assisting with your taxes really needs to take computer network security into account, and that isn’t always the case, right? Some folks are not as computer-literate as we might want them or expect them to be, given their position.”

Capps noted that attackers also use social engineering and malware to go after corporations as well as individuals.

“On the other side of the coin, corporate tax fraud is an issue, and getting information from an employee through social engineering or getting malware onto their computers in the office can create all kinds of havoc not just at tax time, but also attacking bank balances,” Capps said. “And you see unrequested international wire transfers out of corporate accounts to third-party accounts in another country that can’t be recovered. Those things are all problems when we talk about the corporate side of the fraud, when companies are defrauded by these same individuals.”

New-school security awareness training can give your organization an essential layer of defense by enabling your employees to avoid falling for scams and other social engineering attacks.

READ MORE

Ragnar Locker Ransomware Finds Its Next Victim in Taiwan Computer Memory Manufacturer ADATA

The ransomware attack, which occurred in late May, forced the maker of consumer and industrial memory products to take systems offline and then recover and upgrade the affected systems.

Ragnar Locker hasn’t been in the news much since they became a part of the Maze extortion cartel in the middle of last year. But their latest attack on ADATA signals they aren’t going anywhere and are succeeding in infiltrating and encrypting victim environments.

In an email statement to Bleeping Computer, ADATA confirmed the attack on May 23rd, which disrupted business operations. And while no details were released, the statement suggests ADATA was able to execute a response plan:

“The company successfully suspended the affected systems as soon as the attack was detected, and all following necessary efforts have been made to recover and upgrade the related IT security systems.”

The bad guys at Ragnar Locker have claimed responsibility for the attack, alleging they stole 1.5TB of data, which they claim includes intellectual property, source code, legal documents, confidential files, and more.

[Image: ADATA leak page. Source: Bleeping Computer]

The upside to this story is that ADATA shows it’s possible to have proper response plans in place so that when you’re hit with ransomware the operational disruption is minimized. The downside is that ADATA – and any other organization in the same situation – now has to contend with what to do about the stolen data. Remember, ransomware gangs aren’t just arbitrarily taking whatever data they find; they are inspecting all the data they have access to and selectively choosing what to exfiltrate.

Ragnar has historically gained access via phishing attacks, which are largely preventable with Security Awareness Training that enables users to elevate their attentiveness when interacting with suspicious email and web content.

READ MORE

Phishing Trends Show X-Rated Themes Have Skyrocketed 974%

Phishing lures with X-rated themes have spiked over the past year, according to researchers at GreatHorn. The researchers explain that these emails are effective at getting people to click, and will also make victims reluctant to report the attack once they realize they’ve been scammed.

“Between May 2020 and April 2021, the number of such attacks increased 974%,” the researchers write. “These attacks reach across a broad spectrum of industries and appear to target based on male-sounding usernames in company email addresses.”

The researchers note that in addition to stealing information, the attackers can also return to blackmail victims.

“Attackers use phishing attacks as an initial vector to gather information about the target,” GreatHorn says. “Because of the x-rated content, attackers set up victims with compromising material to be used for blackmail. In these attacks, cybercriminals are tracking the identity of victims who click on their sites by using a technique called an email pass-through. The same technology enables legitimate email senders to auto-populate an unsubscribe field with a user email address. Once a user clicks on a link in the email, their email address is automatically passed to the linked site. In these attacks, the cybercriminal leverages the information they gleaned in order to set up a second stage. Individuals who clicked on links to compromising material could be targeted in the second attack to extort the individual.”
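The “email pass-through” GreatHorn describes is simply the recipient’s address carried inside the link, so the landing site learns who clicked without any login. That identifier is rarely left in the clear; trackers commonly percent-encode it, base64 it, or hash it. The scanner below is an added example (not GreatHorn’s or KnowBe4’s code) that checks every URL in a message for the recipient’s address under those encodings. The message body and the recipient address are constructed; the pre-computed base64 and MD5 tokens are built inline only so the sample runs offline. As the quoted text notes, legitimate unsubscribe links use the same trick, so a hit is a signal for rewriting or analyst review, not a verdict on its own.

```python
"""Flag links that carry the recipient's address (added example, constructed data)."""
import base64
import hashlib
import re
from typing import Dict, List
from urllib.parse import unquote

RECIPIENT = "j.smith@example.com"   # constructed recipient address

# Tokens an attacker (or bulk sender) would pre-compute per recipient; computed here
# only so the constructed message is self-contained.
_b64 = base64.urlsafe_b64encode(RECIPIENT.encode()).decode().rstrip("=")
_md5 = hashlib.md5(RECIPIENT.encode()).hexdigest()

# Constructed message body; hostnames are placeholders, not real sites.
BODY = f"""<html><body>
<a href="https://sites.google.example/view/interestedyou?u=j.smith%40example.com">photos</a>
<a href="https://trk.example/c/{_b64}/go">more here</a>
<a href="https://hungrygrizzly.example/signup">join</a>
<img src="https://cdn.example/px/{_md5}.gif" width="1" height="1">
<a href="https://news.example/unsubscribe?e=j.smith@example.com">unsubscribe</a>
</body></html>"""

URL_RE = re.compile(r"""https?://[^\s"'<>]+""")


def embedded_identifiers(url: str, recipient: str) -> List[str]:
    """Return the encodings under which `recipient` appears in `url` (empty if none)."""
    addr = recipient.lower().encode()
    hits: List[str] = []
    # 1. plain or percent-encoded
    if recipient.lower() in unquote(url).lower():
        hits.append("plain")
    # 2. base64 (standard and URL-safe alphabets, with or without padding)
    tokens = {base64.b64encode(addr).decode().rstrip("="),
              base64.urlsafe_b64encode(addr).decode().rstrip("=")}
    if any(t in url for t in tokens):
        hits.append("base64")
    # 3. hex digest of the address, a common tracker identifier
    digests = {h(addr).hexdigest() for h in (hashlib.md5, hashlib.sha1, hashlib.sha256)}
    if any(d in url.lower() for d in digests):
        hits.append("hash")
    return hits


def scan_message(body: str, recipient: str) -> Dict[str, List[str]]:
    """Map each URL that carries the recipient's identity to the encodings found."""
    flagged: Dict[str, List[str]] = {}
    for url in URL_RE.findall(body):
        hits = embedded_identifiers(url, recipient)
        if hits:
            flagged[url] = hits
    return flagged


if __name__ == "__main__":
    for url, hits in scan_message(BODY, RECIPIENT).items():
        print(f"{', '.join(hits):12} {url}")
```

Four of the five links are flagged; the plain `signup` link is not, which is exactly why a click-tracking check complements rather than replaces reputation lookups such as the Safe Browsing classification mentioned above.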

GreatHorn shares a representative example in which a phishing email claimed to come from a woman staying in the same hotel as the recipient.

“The link at the top of this email points to a destination page which is classified as Malicious by Google Safe Browsing,” the researchers write. “Clicking on (https://sites[.]google[.]com/view/interestedyou) would bring you to a site with photos. There, a further link points to hungrygrizzly[.]com, which has the appearance of a dating site. It is likely a fake site designed to hook users into providing payment information. User data gleaned in this way will be transmitted to cybercriminals, who will use it for various malicious purposes, such as money withdrawal, blackmailing, or committing further frauds.”

New-school security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for phishing attacks. (And seriously, people–control yourselves online.)

READ MORE

Deal or No Deal: The Double-edged Sword of the IT Security Bundle

The concept of “bundling” has become very popular among large IT vendors over the past decade as it promises a number of benefits.

But, does the bundle really deliver everything promised? Well, as usual, it depends.

What Is Bundling Exactly?

Let’s first start by having a closer look at bundling. It is a sales tactic that large IT and cybersecurity vendors use to grow their “footprint” within a customer account.

Essentially, it works like a value meal at your favorite fast food joint: Why have just a burger and drink when you can have fries too for just a little bit more?

Sounds like a great deal and sometimes it is, particularly when the fries are actually spicy curly fries (I’m looking at you, Jack in the Box).

But what if those fries are not so great? Have you ever had bad fries that just make you really want the good ones? Without doing some homework, your great cybersecurity bundle may come with some soggy fries.

Deal or No Deal

Seriously, a good bundle can be a great thing. But only if all of the products and services included by the vendor are best-in-class (equivalent to best-of-breed), and you are getting a significant discount on everything you need. In that case it makes a lot of sense.

Some of the benefits of bundling go beyond the products themselves. Let’s take a look at a couple of those perceived benefits: streamlined procurement and the “one throat to choke” single-vendor concept.

Streamlined Procurement

We all know that procurement is a tedious and expensive process. The legal reviews of multiple vendor contracts can eat up cycles and are sometimes frustrating. And for non-mission critical purchases, it might be worth compromising on quality to simply reduce the procurement burden on the team.

But consider some questions to ask yourself:

  • Will the one-vendor concept equate to greater success in my core objective (employee risk reduction) for major cybersecurity components?
  • When a bundle is offered, are you able to complete the due diligence on each critical product as you would in a stand-alone transaction?

You might notice that these great bundle deals often come with a short deadline. Bundling can mean that “somebody’s” project is going to be compromised or cause an excessive amount of admin overhead because the bundled product is likely not what their team would have chosen in a head-to-head evaluation.

There are other considerations as well. A single procurement cycle is efficient the first time you go through it, but what about following years? These vendors aren’t foolish and they don’t stay in business by giving great products away for free. You should consider the power dynamic that you’re creating for your vendor every renewal cycle.

Single Vendor Dynamics or the “One Throat to Choke” Analogy

When a vendor relationship works great, then it’s a wonderful thing to behold.

However, when there are missed expectations, promises unfulfilled or simply poor delivery from a large vendor, it can feel like that single throat being choked is yours.

Let’s be honest, even the biggest cybersecurity vendors with a myriad of product offerings typically “specialize” in just a few. Yes, over the years they have expanded their portfolio, usually by acquisition, but at their core they often do only one or two primary things exceptionally well.

Whether that focus is on endpoint security, the firewall or an email gateway is dependent on the vendor, but each one has their “golden goose” solution. That’s the product that you’re really paying for; that’s where they truly make their profit and, generally, that’s where they put their resources.

Secondary products included in a bundle may, in many cases, be “good enough” and sometimes not even that. Unfortunately, that’s often only discovered after the fact.

What you may also find is that it’s not just the product that’s substandard. Support resources are commonly metered based on the profitability of the product. That golden goose sucks up a lot of resources!

It’s not uncommon to find that the “one throat to choke” strategy doesn’t necessarily mean that you’ll always have access to subject matter experts and that tech support and customer service for the vendor’s non-core products is often woefully lacking.

The Integration Perception

One of the favorite terms batted around the hallways of vendors’ offices is “markitecture.”

It’s a slick way of putting various products together on a slide or graphic that makes the product portfolio look as if it fits together as cleanly as new Legos. The reality is that these diagrams are for illustration purposes only and often do not have any connection to the reality of whether there is actual integration of data, processes or administration between those products.

It’s the same (often literally) with the bundle. There’s lip service to a “fully integrated solution” during the sales and procurement cycle, but once the sales reps have all gone home it’s not uncommon to find multiple management consoles, non-compliant data structures and unmet expectations.

Combine that with a subpar product and you’ve got….frustration (to say the least). Don’t worry though, the vendor may offer to help you solve these problems – all you need is to purchase their professional services.

In the end, it’s important to ask a few very important questions of your vendor:

  • How many consoles will we need to access to perform the expected task?
  • Can you show me how that works live?
  • What about importing users, admin privileges, and granular control?

These would likely set you down the path to find out just how “integrated” this bundle is.

Cybersecurity: Best of Breed vs. the Bundle 

So the bundle can have some advantages, but there are just as many pitfalls that you have to watch out for, and that really applies to any type of large IT purchase.

However, evaluating and purchasing your mission-critical cybersecurity infrastructure is not the same as purchasing other important, but less critical solutions for the back office, for example.

We are under attack from highly sophisticated, dynamic and relentless criminal organizations. As security professionals it’s our job to prevent downtime and keep the company jewels safe, along with the private information of our customers and employees.

“Good enough” does not cut it in this environment, particularly when you’re talking about your single largest organizational vulnerability: your users.

Let’s face it – sometimes security awareness is thrown in as an extra incentive on an email gateway or other large cybersecurity purchase. Vendors offering bundles are almost always bundling in me-too products that are not nearly as fully featured as their best of breed competitors. So, the only way they can compete is by giving these non-optimal products away to help “seal the deal” for their main product. You get what you pay for.

With human error being responsible for the majority of data breaches, security awareness is your last line of defense. Having highly engaged, trained and security-aware users is a very powerful human firewall against the threat actors that are continuously testing your vulnerabilities. We’ve all seen the statistics: phishing is one of the most common entry points for ransomware.

While bundles can seem to be a good way to save some money and lessen the procurement headache, you absolutely cannot skimp on your security awareness training. You need the best… not a bundle blunder. Get the full whitepaper: Stand-Alone Product versus Product Suite for all the key points you need to know before choosing Best of Breed vs. “Integrated Solution”.

 

Blogged By: Perry Carpenter

READ MORE

Transparent Tribe Uses Spoofed Domains in Social Engineering Attacks

Researchers at Cisco Talos warn that the threat actor known as “Transparent Tribe” (also known as APT36 and Mythic Leopard) is using spoofed websites and malicious documents to deliver malware.

“Our latest Transparent Tribe research confirms that the group continues to create malicious domains mimicking defense-related entities as a core component of their operations,” the researchers write. “During our most recent investigation, we discovered a fake domain, clawsindia[.]com, registered by the attackers. This domain masquerades as the website for the Center For Land Warfare Studies (CLAWS), an India-based think tank covering national security and military issues.”

Cisco Talos also notes that the threat actor is targeting more verticals than usual in the latest campaign.

“While military and defense personnel continue to be the group’s primary targets, Transparent Tribe is increasingly targeting diplomatic entities, defense contractors, research organizations, and conference attendees, indicating that the group is expanding its targeting,” the researchers write.

The researchers add that Transparent Tribe is putting more effort into making its phishing lures more convincing.

“The actors recently deviated from the CrimsonRAT infection chains to make their ObliqueRAT phishing maldocs appear more legitimate,” the researchers write. “For example, attackers leveraging ObliqueRAT started hosting their malicious payloads on compromised websites instead of embedding the malware in the maldoc. In one such case in early 2021, the adversaries used iiaonline[.]in, the Indian Industries Association’s legitimate website, to host ObliqueRAT artifacts. The attackers then moved to hosting fake websites resembling those of legitimate organizations in the Indian subcontinent.”

Transparent Tribe also used HTTrack, a website copying tool, to create identical duplicates of legitimate sites.

“These examples highlight Transparent Tribe’s heavy reliance on social engineering as a core TTP and the group’s efforts to make their operations appear as legitimate as possible,” the researchers conclude.
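The clawsindia[.]com example above is the pattern that matters for defenders: a registered domain built from a target organization’s name plus a qualifier, a homoglyph, a hyphen, or a different TLD. The checker below is an added example, not Talos or KnowBe4 code, that scores newly observed domains against a small watch list of organizations you care about. The watch list and the feed of observed domains are constructed; the legitimate CLAWS domain shown is an assumption made for the example, while iiaonline[.]in is named in the Talos write-up as the association’s real site. A token match is a lead, not proof (a domain such as `clawsweather.com` is flagged too), so the output is meant for analyst triage or a registration-monitoring alert.

```python
"""Score newly observed domains for lookalikes of watched organizations (added example)."""
from typing import Dict, Iterable, List, Tuple

# Constructed watch list: brand token -> legitimate registrable domain.
# "claws.in" is an assumed value for the example; iiaonline.in is from the write-up.
WATCHLIST: Dict[str, str] = {"claws": "claws.in", "iiaonline": "iiaonline.in"}

# Constructed feed of newly observed domains; only clawsindia.com is from the write-up.
OBSERVED = ["clawsindia.com", "claws-in.org", "c1aws.in", "claws.com", "iiaon1ine.in",
            "iiaonline-in.com", "iiaonline.in", "example.org", "clawsweather.com"]

# Common lookalike substitutions, mapped back to what the eye reads them as.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]
SECOND_LEVEL = {"co", "com", "org", "net", "ac", "gov", "nic"}   # e.g. example.co.in


def split_domain(domain: str) -> Tuple[str, str]:
    """Return (registrable label, public suffix) using a deliberately small suffix list."""
    parts = domain.lower().strip(".").split(".")
    if len(parts) >= 3 and parts[-2] in SECOND_LEVEL:
        return parts[-3], ".".join(parts[-2:])
    return parts[-2], parts[-1]


def normalize(label: str) -> str:
    """Undo confusable substitutions and drop hyphens before comparing."""
    for look, real in CONFUSABLES:
        label = label.replace(look, real)
    return label.replace("-", "")


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute), single-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_domain(domain: str) -> List[str]:
    """Return the reasons `domain` resembles a watched organization (empty if none)."""
    label, tld = split_domain(domain)
    norm = normalize(label)
    reasons: List[str] = []
    for token, legit in WATCHLIST.items():
        legit_label, legit_tld = split_domain(legit)
        if (label, tld) == (legit_label, legit_tld):
            continue                                    # the genuine domain itself
        if norm == legit_label and label != legit_label:
            reasons.append(f"homoglyph-of:{legit}")
        elif norm == legit_label:
            reasons.append(f"tld-swap-of:{legit}")
        elif token in norm:
            reasons.append(f"contains-brand:{token}")
        dist = levenshtein(norm, legit_label)
        if 0 < dist <= 2:
            reasons.append(f"edit-distance-{dist}-from:{legit}")
    return reasons


def assess(domains: Iterable[str]) -> Dict[str, List[str]]:
    """Map each suspicious domain to its reasons; unflagged domains are omitted."""
    result: Dict[str, List[str]] = {}
    for d in domains:
        reasons = assess_domain(d)
        if reasons:
            result[d] = reasons
    return result


if __name__ == "__main__":
    for domain, reasons in assess(OBSERVED).items():
        print(f"{domain:20} {', '.join(reasons)}")
```

Feeding this a daily list of newly registered or newly resolved domains (from certificate transparency logs or passive DNS) turns the write-up’s observation into a standing check; the homoglyph and TLD-swap reasons deserve immediate attention, while brand-token hits need a human look.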

New-school security awareness training can give your organization an essential layer of defense by teaching your employees how to thwart social engineering attacks.

READ MORE

Paying the Ransom Is Not Just About Decryption

I just read that a well-known pipeline company paid $5M to the ransomware gang. And despite that, they are still having to use their backups because the decryption process is too slow. This does not surprise me. I also recently read that only 8% of ransomware victims who pay the ransom get all their data back.

But paying the ransom likely means they will be back up sooner than otherwise and it negates a whole lot of other issues. I am not saying every victim should pay the ransom. Obviously, if we keep doing that ransomware will never stop. But if you think paying the ransom is mostly about getting a decryption key then you’re not thinking about ransomware correctly. It’s changed. And paying the ransom is often still the best choice even if you have great backups. Here’s why:

You Still Get More Usable Data

First, the victims that do pay the ransom have an overall better data recovery rate. The same report cited above, which said only 8% of victims that pay the ransom get all their data back, also concluded this: “The researchers found that, on average, victims who pay the ransom recover about 65% of their data, while 29% of respondents said they recovered less than 50% of their data.” So, if you want a better chance of recovering more of your data without recreating it or doing without it, pay the ransom.

Faster Recovery Time

I know many victims who philosophically and ethically refused to pay the ransom. I applaud them. However, many of them were still down or not fully operational far longer than the victims that paid the ransom, on average. I know of many victims who did not pay the ransom who were down months and were still not fully operational nearly a year later. I haven’t heard that from victims who paid the ransom.

Data Exfiltration Is a Huge Worry Now

Over 70% of ransomware now exfiltrates a victim’s confidential data, files, logon credentials, and email before launching the encryption process. Most ransomware gangs spend weeks to months surveilling the victim, reading C-Level emails, and trying to figure out the “crown jewels” of the organization. Then they steal the confidential information and threaten to release it publicly, or to hackers, if they are not paid. A backup is not going to save you.

An organization’s vital, confidential data is released all the time. It happened to DC Metro police recently. The ransomware group got mad because the victim’s initial negotiation amounts were too low. The ransomware group released the vital information on recent police recruits (including their personal identifying information) and internal reports with confidential information I am sure the police would not want released.

Ransomware gangs just want to get paid. They will do whatever they can to the victim…encrypt files, denial-of-service attack them, steal and post information, attack their employees, attack their customers, attack their partners…whatever it takes…to get the victim to pay. Every ransomware group would be glad not to have to do any of these things if it meant they would be paid. They are also just as willing to cause as much pain and embarrassment as possible to get paid. And if you don’t pay, they will make it as painful as possible as a lesson to the current victim and to other victims.

And when they attack your employees, customers, and partners, they let them know that the only reason they are attacking them is because the original victim didn’t pay. They say the original victim didn’t care about them and their data enough to stop the ransomware attack and didn’t care about their personal information enough to pay the original ransom. It must cause some reputational issues with the original victim.

What ransomware is doing beyond just encrypting files isn’t new. The new class of ransomware, which I dubbed Ransomware 2.0, started showing up in November 2019. I first wrote about these issues back on January 7, 2020. The only thing that has changed is the percentage of ransomware that deploys these additional tactics. Today, it’s over 70% of all ransomware, and it’s likely far higher than that. Heck, if all ransomware does is encrypt your files when it goes off, consider yourself “lucky”.

If you want to learn more about what ransomware is doing today beyond just encrypting files you can watch my webinars here.

Less Likely to Be Hacked by the Same Group Again

One of the biggest questions I get about ransomware is if the ransomware group will hack the victim again even after they pay the ransom? After all, they are criminals, who can trust them? Well, if ransomware criminals re-attacked the victims that paid them, no one would pay them. It’s in the ransomware group’s own best interests to not re-attack the same victims after a ransom has been paid. In fact, most ransomware groups keep track of who has paid the ransom and purposefully avoid them. I’ve heard of victims being re-hit by the same group, complaining to the group that they already paid the ransom, and the ransomware group helping to quickly unlock their files.

Conversely, I’ve heard of a lot of victims who didn’t pay the ransom who were hit again by the same group, but the second time is always much worse – more servers encrypted, more damage, more pain, higher ransom request.

And this is not to say that some victims that paid the ransom don’t get hit again by the same ransomware family. There are unscrupulous ransomware gangs who have no “thief’s honor code”. But more often it happens because the ransomware is being used by multiple “affiliates” and another affiliate accidentally hits the same victim again, having entered through another IP address or business unit of the same company that wasn’t on the ransomware group’s “do not target again” list. Mistakes happen. And once a group has successfully hit a victim, again or not, some don’t back down. But it’s clear that the victims that do pay the ransom are usually not hit again by the same group.

What happens far more often is that a victim pays the ransom to one ransomware group and is then, weeks or months later, hit by a completely different ransomware group because they did not get secure enough to keep other groups out. You must close all your vulnerabilities if you want to stay secure. Paying the ransom is not a “Get out of Jail Free” card that all the other ransomware groups will respect. Paying the ransom only gives you that “right” within the same ransomware group. Most victims who pay the ransom will not be hit again by the same ransomware group. That’s the best we can say.

Paying the Ransom Is a Business Decision

Paying the ransom or not is usually a business decision. It even involves figuring out whether it is legal to pay the ransom to the group requesting it, based on your country’s laws. It is not to be taken lightly. But paying the ransom is about far more than getting a decryption key. You should have already decided ahead of time, before you are hit by ransomware, whether you will pay. That’s a senior management and legal decision. But make sure they understand all the facts and ramifications so they can make the best decision for the organization.

Your Only Defense Is Prevention

It is clear that a good backup and even paying the ransom will not protect you if you get hit by ransomware. Your only defense is to prevent it from happening in the first place. It can be done. Organizations do prevent ransomware from getting a foothold in their organization. How do they do it?

First, they focus on the key methods that hackers and malware use to get into most organizations. That means fighting social engineering, patching better, and enforcing good password policies. Doing those three things well will do more to prevent ransomware attacks than everything else combined. Heck, just getting far better at fighting social engineering will reduce more cybersecurity risk to your organization than anything else you can do. Social engineering and phishing are the number one way that most organizations get compromised by cybercriminals, yet most organizations do not focus their mitigations as if that key fact were true.

You need to use your best combination of layered defenses, including policies, technical defenses, and controls, to prevent your organization from being compromised by social engineering and phishing. How can you do that? Glad you asked. You can download KnowBe4’s Comprehensive Anti-Phishing Guide here.

You can download KnowBe4’s Ransomware Hostage Rescue Manual Guide here.

The password policy you should be using is here.

We are in a terrible era where hackers, malware, and especially ransomware are running amok. It is going to be many years before it starts to get under control. It’s going to take not only better defenses, but a very tough-to-reach geopolitical agreement. Ransomware will not get under control until the countries that give safe haven to these types of criminals are forced to crack down on them. That is not happening anytime soon.

Till then, your best defenses are to fight social engineering with renewed vigor, patch better, and have a good password policy. Doing far better at these three things will reduce your exposure to ransomware more than anything else you can do. Prevention, not backups, is the key. Make sure management is aware of the changes in ransomware and that data encryption is not the only threat. Management needs to understand what paying or not paying the ransom means so they can make their best decision.

As always, fight the good fight!

Credit given to Roger Grimes and The KnowBe4 team

READ MORE