What is Ransomware, and Should I Be Worried?

In 2021 there were 2,048 ransomware complaints filed with the FBI. Companies paid over $2M to retrieve their data. Yes, you should be worried, or at the very least, aware.

While only 32% of companies paid to retrieve their data, the average ransom paid was $170,404, totaling over $2M. Unfortunately, fewer than 8% were successful in getting their data back.

What is Ransomware anyway?

Simply put, ransomware is one of many types of malicious software designed to block a user’s or organization’s access to their computer files, systems, or networks. Hackers encrypt the data and demand a ransom payment for a decryption key. Payment is typically demanded in bitcoin or by credit card. Unfortunately, ransom payments do not guarantee that you will get the decryption key or that your data will be returned. Most often, it is not.

Ransomware Attacks on the Rise

The ransomware industry really kicked off in 2017 with the WannaCry outbreak. Since then, several variations have hit the market. The COVID-19 pandemic contributed to the recent surge as organizations pivoted to remote work, creating gaps in their cyber defenses.

OK, How Do I Get Infected?

There are SO many avenues into your system, and when we’re busy working, it’s really easy to overlook potential threats.

Email attachments: We all rely on email to communicate, but it is not very secure. Keep things easy: if you don’t know the sender, don’t open the email, attachment, or link. If you do know the sender but find the email odd or suspicious, confirm with them prior to engaging with the email (and by confirm, we don’t mean reply to the email).

Spear phishing: Nope, it’s not what’s for dinner. This is a targeted email attack. The hacker knows enough about you to mimic a scenario that could be real. Example: you receive an email from your CEO asking you to take a survey, from HR asking you to download a new policy, etc. While some of these requests are legitimate, trust us when we say your IT department would prefer a call to verify validity over the call telling them your screen just went blank.

Social engineering: These attacks are tricky. They can look legitimate, oftentimes impersonating someone you know. They can even contain snippets of real emails previously sent from a trusted company or friend. The messages are often so familiar, the attacker is hoping you’ll click before you realize it is a scam. 

Malvertising: You can find malicious advertisements on any webpage. These links can start the ransomware process by tracking information about your system and internet usage. When you are tempted by advertisements, it is best to note the name of the company or product and Google it. Go straight to the source whenever possible.

Solution – Never Going Online Again

Well, that is one way to deal with internet attacks, but it’s not likely sustainable. Ransomware is designed to stop productivity and it does just that. Any device that connects to the internet is at risk. Implementing security protocols and training is the best way to combat malicious attacks.

A few helpful tips while you’re surfing:

  • There is no prince/princess waiting for your hand in marriage
  • There is no long-lost relative that suddenly wants to give you money
  • You did not win a lottery you didn’t purchase a ticket for
  • Pay close attention to the email address of the sender. For instance, your bank is not going to send you an email from a @gmail account.
  • Pay close attention to the verbiage in an email. While hackers are very good at what they do, most often there are subtle clues that the message is not legitimate. A word that is not quite right, a 3 in place of an E, etc.
  • Slow down and be intentional when you are online

ConDoc is a feature-rich construction documentation management platform. Our web-based platform is available on or offline, on the web and on iOS and Android mobile platforms. ConDoc puts your project documents at the fingertips of everyone engaged in the project, making it easy to communicate in real time with the entire project team, collaborate around changes, and control versions, timelines, and budget. Our robust auditing captures all activity, per document, across your project portfolio.

As you know, in construction, real-time data is worth its weight in gold. Can you afford to have your project data held for ransom? Rest easy and rely on ConDoc with your project data. Our servers sit behind a FIPS-compliant firewall. Data is fully encrypted at rest and in transit. ConDoc: Your Project, Your Data, Ultimate Accountability.

Call us today for more information.

Disclaimer: We are not cyber security experts. We have spent our careers in the software industry and have been bitten a time or two by viruses. We follow strict safety protocols and undergo cyber security training annually.