A growing number of ransomware attacks also means a growing number of cyber actors in the cyber landscape. Thus, competition is growing. In light of this, we continue to see a steady stream of new, creative tactics from different ransomware gangs.
One of the best ways to protect your organization is through education and prevention. On that note, let’s take a look at some of the top new tactics so you and your employees can stay informed.
- Fake Video Meetings. This article examples a new tactic: ransomware gangs using fake video meetings to steal your money. While platforms like Microsoft Teams and Zoom have become increasingly popular (in large part due to the Covid-19 pandemic), this also means the increased usage has made them a target for scammers. This recent tactic typically uses compromised email domains to relay messages to targets with the goal of getting them to complete a wire transfer. While it may sound simple, like many attacks, they are carefully crafted to successfully victimize even seasoned employees.
- Fake QR codes. Another new strategy that has entered the scene is scammers using fake QR codes to steal passwords and money from victims. Again, somewhat a result of the pandemic, businesses have increasingly begun using QR codes for contactless payment options. With the growing popularity with this payment method, scammers have jumped on the opportunity to target users for financial credentials.
- Re-targeting of organizations that have paid ransom. This one is sneaky! Many organizations fall under the false pretense that if you pay up, you rid yourself of the ransomware gangs. This is unfortunately not always the case. We are seeing a growing prevalence of ransomware gangs retargeting organizations that previously paid the requested ransom. Yet another reason to seek guidance from authorities and your IT security team before ever paying ransom demands.
There are a few easy principles to follow to protect yourself and your organization if you are concerned you may be a victim of a ransomware attack.
- Confirm the sender. Whether it is an email attachment, QR code, wire transfer, etc., make sure you are expecting whatever is being sent and that you confirm receipt over the phone from the sender before opening or clicking.
- When in doubt, stop! If you ever think something seems suspicious, don’t do anything and contact your IT security team. They can quickly and easily confirm the safety of the item in question. You are always better safe than sorry!
- Use multi-factor authentication on everything– both business and personal. It is one of the easiest ways to protect your passwords and sensitive information.
Our focus for 2022 is cybersecurity. If your business is looking for IT security support, get in touch with Clarity Technology Group. Contact us here.