Don’t Take the Bait! How to Protect Your Organization Against Ransomware Attacks

Cybersecurity crimes have been plaguing companies in the United States for the past 30 years. The FBI’s 2020 Internet Crime Report shows that the total number of reported cases and losses due to cyber-crimes has increased 62 percent in the past five years, with a total of 791,790 incidents reported in 2020, resulting in a collective loss of $4.2 billion.

The general public’s concern about cybersecurity threats has been on the rise, too, due to several notable international scams. In 2017 the virus WannaCry, which exploited a vulnerability in Windows, affected more than 200,000 people, including companies such as FedEx, Telefonica, and Nissan. In 2018 SamSam ransomware infected the city of Atlanta, the Colorado Department of Transportation, and the Port of San Diego. And last year the virus Ryuk became one of the costliest in history, with the ransom amount needed to release an entire system exceeding $300,000.

With these risks, cybersecurity is nothing to take lightly. In this article we outline some considerations for every business to understand the threat ransomware poses to your organization and how to protect against it.

Understanding the problem when it comes to cybersecurity

First, make sure you understand the basic cybersecurity vernacular. Here are some key concepts.

Malware

Malicious software that can infect your computer and execute harmful actions without your permission. The term is quite broad and covers different threats such as viruses, spyware, and ransomware.

Ransomware

A type of malware that acts as a hijacker—using encryption, it holds files and systems hostage. Theoretically, when a victim pays the ransom, they receive the decryption key, releasing blocked files or systems.

Trojan

Any malware that misleads users about its true intent by posing as legitimate software.

Phishing

The fraudulent practice of sending emails that impersonate a trustworthy entity in order to obtain personal and sensitive information such as usernames, passwords, and credit card numbers.

Social engineering

The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

BEC

BEC stands for Business Email Compromise and is an email scam targeted at individuals in an organization to steal confidential employee or business information.

Some may read these terms and wonder how anyone can be so easily duped into falling for a ransomware-related attack. Through phishing, cyber criminals typically trick users into opening and downloading ransomware by sending a Trojan as an email attachment. If the employees in your organization are not well-trained to understand the building blocks of cyber crime and recognize the malicious methods used, they too could take the bait.

Designing a software solution to prevent ransomware attacks

The good news is that, with Microsoft Office 365, you can prevent sophisticated cyber threats from getting through to your organization. Below we suggest a game plan for combatting ransomware-related attacks using the capabilities at your disposal.

Prioritize employee training

Educating the end user is the number one way to protect your organization from cyber-crimes. Your employees receive hundreds of emails each day and may be opening attachments without thinking critically about them. It takes only one wrong click for ransomware to infect your entire system. Make cybersecurity training mandatory for all individuals who work with your business’s sensitive information.

Establish prevention rules

Next, take advantage of the many security capabilities you have access to as a Microsoft user. For example, Microsoft 365 helps protect your business against ransomware by preventing potentially dangerous file types, such as JavaScript, batch, and executable files, from being opened in Outlook. You can increase this level of protection by adding rules that block, or warn you about, additional attachment types that malware is commonly delivered in.
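The rules described above can be created from PowerShell as well as from the admin center. The following is an added example, not code from the article or from Velosio, showing two Exchange Online mail flow rules: one that rejects external attachments with risky extensions and one that warns recipients about attachments containing executable content. It assumes the ExchangeOnlineManagement module is installed and that you hold an Exchange administrator role; the extension list and the secops@example.com address are constructed placeholders to adapt to your tenant.

```powershell
# Added example (not from the article): Exchange Online mail flow rules that extend
# Outlook's built-in attachment blocking. Assumes the ExchangeOnlineManagement module
# and an Exchange administrator role. The extension list and secops@example.com are
# constructed placeholders.
Connect-ExchangeOnline

# Extensions often used to deliver malware loaders that Outlook does not block by default.
# Constructed list: review it against your own business needs before enforcing.
$blockedExtensions = @('iso', 'img', 'vhd', 'vhdx', 'hta', 'jse', 'wsf', 'lnk', 'scr')

# Rule 1: reject external mail whose attachment name ends in one of those extensions.
# Start in Audit mode so matches are logged (and reported) without blocking anyone yet.
New-TransportRule -Name 'Block risky attachment extensions (external senders)' `
    -FromScope NotInOrganization `
    -AttachmentExtensionMatchesWords $blockedExtensions `
    -RejectMessageReasonText 'Attachment type is not permitted by security policy.' `
    -RejectMessageEnhancedStatusCode '5.7.1' `
    -GenerateIncidentReport 'secops@example.com' `
    -IncidentReportContent Sender, Recipients, Subject, RuleDetections `
    -Mode Audit `
    -Comments 'Ransomware prevention: extends default Outlook file-type blocking.'

# Rule 2: warn rather than block when an external attachment contains executable content
# (content inspection catches, for example, a renamed executable or script).
New-TransportRule -Name 'Warn on external attachments with executable content' `
    -FromScope NotInOrganization `
    -AttachmentHasExecutableContent $true `
    -PrependSubject '[CAUTION: executable attachment] ' `
    -ApplyHtmlDisclaimerLocation Prepend `
    -ApplyHtmlDisclaimerText '<p style="color:#b00000"><b>External message with executable attachment content.</b> Do not open it unless you were expecting it; contact the help desk if unsure.</p>' `
    -ApplyHtmlDisclaimerFallbackAction Wrap `
    -Mode Enforce

# After reviewing the audit hits (incident reports and message trace), enforce rule 1.
Set-TransportRule -Identity 'Block risky attachment extensions (external senders)' -Mode Enforce

# Verify both rules are enabled and in the expected mode.
Get-TransportRule | Where-Object { $_.Name -like '*attachment*' } |
    Format-Table Name, State, Mode, Priority -AutoSize
```

Mail flow rules match on file names and detected file content only; pair them with the Defender for Office 365 capabilities mentioned below, whose Safe Attachments feature detonates attachments in a sandbox before delivery.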

Explore Microsoft 365 Security Center

In addition to creating rules that work in the background, use the tools Microsoft provides to complement your ransomware prevention game plan. Recently Microsoft expanded the threat investigation and response capabilities of its security center with Defender for Endpoint, Defender for Office 365, and Microsoft 365 Defender. Now you can employ automated investigation and response for critical email-based threats and gather data from multiple sources such as user activity, authentication, email, compromised PCs, and security incidents. Use these insights to understand and respond to threats against your organization and protect your intellectual property.

Implementing Microsoft Attack Simulation Training

With the above game plan in place, round out your cybersecurity prevention approach with Attack Simulation Training, one of the latest additions to Microsoft 365 Security Center. If your organization has Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2, which includes the aforementioned threat investigation and response capabilities, you can use the simulated training to run realistic attack scenarios in your organization. This program helps you identify and find vulnerable users before a real attack wrecks your bottom line.

Attack Simulation Training provides multiple social engineering techniques so you can test a variety of potential phishing attacks:

Credential harvest

An attacker sends a message that contains a URL. When the recipient clicks on the URL, they are taken to a website with a dialog box that asks for a username and password. The destination page builds trust with the user by replicating elements of a well-known website. Familiarity with the website helps convince the user that the link is safe to click.

Link in attachment

This scenario is a hybrid of the credential harvest attack above. In this case, the individual receives a message that contains a URL inside an attachment.

Malware attachment

An attacker sends a message that contains an attachment. When the recipient opens the attachment, arbitrary code such as a macro runs on the user’s device.

Link to malware

This scenario is a hybrid of the malware attachment attack above. In this case, the individual receives a message that contains a URL inside an attachment.

Drive-by URL

An attacker sends a message that contains a URL. When the recipient clicks on the URL, they are taken to a website that tries to run background code that attempts to gather information about the recipient or deploy arbitrary code on their device. The destination page builds trust with the user by replicating elements of a well-known website. Familiarity with the website helps convince the user that the link is safe to click. This technique is also known as a watering hole attack.

If you have Microsoft 365, you have Attack Simulation Training. Use this cool security center feature to discover your cybersecurity weaknesses and strengthen your ransomware prevention game plan.

Preventing ransomware attacks starts now

The State of Ransomware 2021 report by Sophos surveyed 5,400 IT decision makers across 30 countries earlier this year. The report sheds light on the experiences of mid-sized organizations across the globe, revealing that 37 percent of respondents’ organizations were hit by ransomware, with the average ransom paid by mid-sized organizations exceeding $170,000. Having trained staff who are able to stop attacks is the most common reason some organizations are confident they will not be hit by ransomware in the future.

You, too, can gain that confidence. Velosio is a Microsoft Top 1% performing partner worldwide, supporting the entire Microsoft Dynamics portfolio, including the Office 365 family. For more knowledge, training, and support on how to take advantage of the cybersecurity capabilities included in the Microsoft 365 suite and keep your business safe, contact Velosio today.
