“Oops! Did I Just Click On That?” A Cyber Crime Nightmare

Jun 29, 2023

A Report By SKL Risk Consultants, LLC

www.SKLRiskConsultantsLLC.com

 

Cyber Crime Nightmare Scenario:

You are at your business computer and the screen goes blank.  Your work day is stacked to the hilt with deadlines.  You are a small, midsize or large successful business with an online presence.

A message appears in crude “Google Translate English,” advising that all your files have been encrypted – rendered unusable – and can be destroyed unless you pay a ransom.

As the sweat beads up on your forehead, you mutter a few silent expletives and repeat over and over, “I have no time for this!”

Actually, you probably have no money for this either!

After online negotiation, you are forced to pay out in Bitcoin, or some other cryptocurrency, to what is likely a Russian-based hacking group demanding a substantial amount of your business assets. You assume you will get the keys to the kingdom once the crypto is paid; however, your dreams are shattered: they want more money. That is what double extortion by the Russian hacking group called “we got ya!” is all about. This is the stuff nightmares are made of, and it is a scenario happening to millions of internet users every single day!

How Often Does Cyber Crime Happen?

It happens at a rate of 1.7 million attacks every day, which means every second 19 ransomware attacks occur. Ransomware attacks, tracked by cloud security provider Zscaler, rose by 37% on a year-over-year basis through April 2023. The entry point for ransomware is often employee error: opening seemingly benign, virus-infected emails. This hacker practice is known as “phishing.” Phishing is the “point of entry” for a cyber criminal.

Cybersecurity software, however, is the obstacle that protects your system from “point of entry” – mostly.  The more cybersecurity you have on your system(s), the more likely a hacker will pass you by and move on to someone who has no cybersecurity in place.

What is Cyber Phishing?

Cyber phishing refers to a fraudulent attempt in which hackers masquerade as trustworthy entities via email and/or text delivery. They are very clever at getting the recipient to open the email and/or text, using enticing subject lines to make the recipient feel confident it is legit. Actually, it is a trick used to infect computers with spyware, or ransomware, and it gives control of the computer to the hacker. Phishing is the most common form of cyber crime. An estimated 3.4 billion phishing emails are sent every day. Phishing attacks are the hacker launching pads!

With 3.4 billion phishing emails sent to computers daily, you are probably thinking, “How much time do I have to make a decision on cybersecurity?”

Answer: You have approximately 19 seconds because that is how long it takes for the next attack! It is not a matter of “if” you will be attacked by cybercrime, but “when” you will be attacked.

Example Of Initial Access:

An employee of the victim organization searched for “Zoom” in a popular search engine to download the remote access software. A false malicious Zoom website appeared in search results.  The employee visited the malicious website to download Zoom, but unknowingly downloaded malware masquerading as legitimate software. Oops!

…reprinted from Palo Alto Unit 24 “Ransomware and Extortion Report 2023”

What If I Clicked On A Phishing Link On My Phone or Computer?

*Disconnect your device from the Internet.

*Disconnecting from the Internet will help reduce the risk of malware spreading to other devices on the network. This will also prevent the hacker from accessing your device or sending out confidential information from it.

*Enable airplane mode on iPhone or Android.

In summary, SKL Risk Consultants are your “risk mitigators.”  We are the team of business advisors that identify risks that you don’t even know you have.

If you want to learn more on how to prevent a cyber criminal from infiltrating your business systems, please give us a call.  Our “no obligation” assessment will provide you with insight on how to shore up your business operations from criminals.

In the meantime, below are ten steps to follow to help protect your business (and personal) data:

  1. Keep your software up to date: Regularly update your operating system, antivirus, and other software to stay protected against vulnerabilities that hackers can exploit.
  2. Use a reputable antivirus and anti-malware solution: Install and update robust security software that can detect and block ransomware threats.
  3. Be cautious with email attachments and links: Be wary of opening email attachments from unknown senders or clicking on suspicious links. These can be a gateway for ransomware infections. Verify the sender’s identity and carefully check the email content before opening any attachments or clicking on links.
  4. Use strong, unique passwords: Create strong and unique passwords for all your accounts, including email, social media, and online banking. Avoid using the same password across multiple platforms.
  5. Enable pop-up blockers: Enable pop-up blockers in your web browser to prevent malicious ads and pop-ups that may contain ransomware.
  6. Back up important data regularly: Regularly back up your data to an external hard drive or to the cloud. This way, even if your files are encrypted by ransomware, you can restore them from backup without having to pay a ransom. Avoid paying ransom whenever possible!
  7. Disable macros in Office documents: Disable macros in Microsoft Office files as they can be used to deliver ransomware. Only enable macros if you trust the source of a document.
  8. Stay cautious while downloading files: Only download files from reputable sources. Be cautious of downloading files from torrent websites or unfamiliar sources as they may contain malicious software.
  9. Educate yourself and your employees: HOLD CYBERSECURITY TASK FORCE MEETINGS at your office (or offices). Have a command center of employees who train and educate other staff and who know what to do if ransomware hits your system(s). Employees should be constantly trained on what to look for in emails.
  10. Enable two-factor authentication: Enable two-factor authentication on your online accounts to provide an extra layer of security.  This helps protect your accounts even if your passwords are compromised.

On Your Mark, Get Set, Go!

In the next 19 seconds, a business or individual will be infected with ransomware. Don’t be so busy that you don’t protect yourself from this malicious attack.

Contact SKL Risk Consultants, LLC today!

Respectfully Submitted,
Sandra K. Little, CEO, MBA, CPCU, ARM, CRM, CIC, RIMS-CRMP

 

*Sources:

*https://www.nytimes.com/2021/07/31/opinion/sunday/russia-ransomware-hacking.html

*https://www.info.zscaller.com

*Ransomware and Extortion Report 2023

 
