Raise Your Awareness on Ransomware

Recently, you may have read about multiple successful ransomware attacks on businesses in our industry. Because we do business in the same space as the victims of these recent attacks, we feel it is critical to raise awareness across the industry and to be on the lookout for more targeted attacks on our businesses.

Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim, promising to restore access to the data upon payment. Attackers can use email, links on websites, social engineering, or even USB sticks dropped on the ground to deploy their attack.

The volume and sophistication of these attacks are growing each day.

While we all should have defensive tools in place, the vigilance of your staff is the most important tool you have to protect against cyber-attacks. It’s critical to slow down and take extra precautions – be suspicious and use careful judgment before opening, previewing, or clicking on links in any emails, Slack messages, texts, support tickets, or any digital communication. This even includes something that looks like it came from a vendor like Invoice Cloud, or someone you know. When in doubt, contact the sender directly to confirm the message is legitimate.

Below are some best practices that should always be kept top of mind and applied to both our personal and professional lives. Exercising a healthy wariness of emails and all other communications is a good habit to have.

  1. Don’t open an attachment unless you know who it is from AND are expecting it. It is always acceptable to ask the sender if it is a legitimate message.
  2. If you receive an attachment from someone you don’t know, do not open it and do not try to confirm whether it is legitimate. Delete the message and attachment immediately.
  3. Be cautious about email messages that instruct you to enable macros before downloading attachments. When in doubt, stop and contact IT support for assistance.
  4. Hover your mouse over links before you click on them to see if the URL looks legitimate. When in doubt, stop and contact IT support for assistance.
  5. Open a new browser and manually type in the address from a message, rather than clicking a link or copying and pasting the URL.
  6. Understand that reputable businesses will never ask for personal, sensitive, or confidential information via email, text, or other insecure means.
  7. Learn how to recognize phishing by being alert for:
    • Messages that contain threats to shut your account down.
    • Requests for personal information such as passwords or Social Security numbers.
    • Messages that force a false sense of urgency or create panic.
    • Forged email addresses.
    • Poor writing or bad grammar.