In 2017, the digital world suffered several massive cyber attacks that significantly affected everyday life.
WannaCry in May 2017 – a ransomware cryptowarm attacked thousands of Microsoft Windows computers worldwide. The virus encrypted files stored in the attacked computer and demanded $300 Bitcoin ransom payments for decoding. The creators of WannaCry used a known vulnerability in Windows operating system EternalBlue. At the time of the attacks, Microsoft had already released patches to close the exploit, but thousands of computers that hadn’t downloaded the update remained vulnerable.
WannaCry has infected an estimated 200,000 computers around the world and caused hundreds of millions to billions of dollars in damage.
Petya in June 2017 – a virus attacked thousands of computers in Ukraine (75%) and other countries. Though it claimed to be a ransomware virus, Petya turned out to destroy the data stored on infected computers. The virus affected most Ukrainian institutions, including several ministries, the National Bank, the National Post, the Chernobyl Nuclear Power Plant, metro systems, and a number of major Ukrainian businesses. The Petya attack almost paralyzed the whole country. International companies with branches in the country also suffered. This is considered the most destructive cyber attack of all time.
Companies and states lose billions of dollars yearly as a result of cyber attacks. Hackers are constantly hunting for new and more sophisticated ways to get inside your computer, steal or encrypt your data, and demand a ransom or destroy your business. However, there’s no attack that can’t be prevented. If you care about the security of your company, this article should act as your guide to digital safety.
Primary security threats
To protect your website or application from maletruders, it is important to understand how they can penetrate your software. In the following section, we describe the most prominent types of attacks and the safety measures you can deploy to avoid risk.
Ransomware is a type of malicious software that blocks access to data on a victim’s computer (usually via encryption) and demands a ransom to decode it. Ransomware gained popularity with the introduction of blockchain and cryptocurrency, which enabled un-trackable payments to ransomers.
There are several ways ransomware can gain access to your computer:
- Phishing spam – a victim receives an email with an attached file. The email may appear to be trustworthy, however, once downloaded and opened, the malware will take over the computer and begin encrypting or destroying data.
- Security holes – ransomware can gain access to your computer through vulnerabilities that have not been discovered or eliminated by the testing team.
How to protect yourself from a ransomware:
- Never open suspicious files
If you receive an email or personal message from a trusted contact – that doesn’t automatically mean it is safe. Maletruders often send infected files using accounts from your contact list. Beware of files with double extensions (like 1СRecord.xlsx.scr), and never open files that come without any cover letter – they can also include ransomware.
- Only install trusted software from trusted sources
This recommendation is a lot like the last one – installing programs with questionable authenticity may welcome a maletruder into your data. Always check the download source of any software.
- Always keep your software updated
Software companies frequently discover security vulnerabilities in their products. When they resolve these issues, they release patches with fixes. Installing all available patches means maletruders will have fewer vulnerabilities to exploit.
- Regularly backup your files
Even if this won’t prevent attacks; backing up your files will make attacks less critical. Even if a particular machine is put out of commission, you will still be able to access your files from other devices or other user accounts.
Following these very simple rules will protect you from catching ransomware. The same general principles apply to avoiding phishing attacks.
How to protect yourself from phishing attacks?
- Check the URL – phishing emails usually include a URL with a minor mistake that might be hard to notice at first glance. But, if you decide to follow the link – try entering it manually or opening the website via your bookmarks;
- Only use an https connection – if the included link lacks an “s” and instead uses http, this may mean it’s a fake website phishing for your personal data;
- Contact the sender – when receiving an email from a trusted party, try contacting that party via other channels to verify the information. The trusted person’s email might be hacked;
- Limit the use of open Wi-Fi networks – this is especially important when accessing online banking account or other services that process sensitive data. Using unsecure connections can make your account vulnerable;
- Use double authentication where possible – if a hacker does manage to obtain your email and password, it will be much harder for him to do anything with that infoю.
International corporations, small businesses and even private users – they all are potential victims of cyber criminals. Maletruders hunt for personal information, banking data, or corporate reports so they can profit, encrypt files and demand a ransom, or just block normal work processes. All this results in losses worth millions of dollars.
But the cybersecurity of a company isn’t just the responsibility of an IT department. Each employee who uses corporate email, works with internal software or has access to sensitive information must do their part. When unintentionally clicking the wrong link, any employee, from a clerk to a company CTO, can potentially open the door to internal information for a hacker.
How to prevent attacks?
- Educate your employees on regular basis.
- Encrypt your data to avoid leaks
- Backup your data to avoid losing access to critical information.
- Use only the latest versions of trusted software to prevent hackers from exploiting known vulnerabilities.
- And, finally, get a reliable security system. Though, if you follow the previous recommendations, a maletruder won’t even get to this barrier.