The primary method of infecting victims with ransomware involves every hacker’s favorite bait—the “spray-‘n’-pray” phishing attack, which involves spamming you with emails that carry a malicious attachment or instruct you to click on a URL where malware surreptitiously crawls into your machine. The recent ransomware attacks targeting Congressional members prompted the House IT staff to temporarily block access to Yahoo email accounts, which apparently were the accounts the attackers were phishing.
But ransomware hackers have also adopted another highly successful method—malvertising—which involves compromising an advertiser’s network by embedding malware in ads that get delivered through web sites you know and trust, such as the malvertising attacks that recently struck the New York Times and BBC. Ad blockers are one way to block malicious ads; patching known browser security holes will also thwart some malvertising.
When it comes to phishing attacks, experts are divided about the effectiveness of user training to educate workers on how to spot such attacks and right-click on email attachments to scan them for malware before opening. But with good training, a company can achieve a dramatic decrease in click-happy employees.
Contigo offers our clients cybersecurity tips via our Friday End User training series. If you or someone you know is not receiving these emails, please contact [email protected]. We’ll get you set up for our upcoming cybersecurity training series.