True North Networks Blog
Ransomware Takes its Toll
Ransomware is defined as vicious malware that locks users out of their devices or blocks access to files until a sum of money or ransom is paid. Ransomware attacks cause downtime, data loss, possible intellectual property theft, and in certain industries an attack is considered a data breach.
How does it get on to your computer in the first place?
Ransomware is usually delivered to a computer system via a phishing email. The email itself is harmless until the user inadvertently clicks on a link, opens an attachment or clicks on a piece of malicious advertising in the email. At that point the ransomware is released on the PC or system in the form of malicious software (malware).
How does Ransomware work?
Once it is released on the PC, the malware starts to encrypt (scramble) all data files it can find on the PC itself and on any network the PC has access to. When someone attempts to open an affected file, they are informed, usually by a message on their screen, that the files are being held for ransom, and instructions are provided on how to pay the ransom to decrypt (unscramble) the files. Hackers request that ransoms be paid with Bitcoin – an untraceable form of crypto-currency.
Why has it taken its Toll?
In their February 03 media release, Toll Group informed the world that ‘As a precautionary measure, in response to a cybersecurity incident on Friday, Toll Group deliberately shut down a number of systems across multiple sites and business units.’
It was confirmed by Toll Group today that the ransomware that it fell victim to is a new variant of the Mailto ransomware (example of screenshot above).
As a result of our decision to disable certain systems following a recent cyber security threat, we’re continuing to meet the needs of many of our customers through a combination of manual and automated processes across our global operations, although some are experiencing delay or disruption.
Stop and think for a moment – what would happen at work if suddenly you were unable to access anything on your computer? It is hard to do this as we all have the ‘it won’t happen to me’ mentality until it does happen. Our friends at Toll Group are in a world of pain right now as they are forced to find alternative methods to serve their customers.
With over 40,000 employees globally, Toll Group had to shift to a combination of manual and automated processes, which can’t be fun for anyone. Despite potentially over 1000 servers being affected, there are no reports of any personal data being breached.
How is ransomware prevented?
The best way to prevent an infection is to not rely on just one solution but to use multiple, layered solutions for the best possible protection.
1. Security Awareness Training: It’s easier to prevent malware infections if you know what to look for. The better you understand the latest techniques cybercriminals are using, the easier they will be to avoid. Know your enemy! Take an active approach to educating yourself by taking a new-school security awareness training course.
2. Internet Security Products: There are many commercial products that will help you avoid all malware infections, but understand that none of them are 100% effective. The cybercriminals are always looking for weaknesses in security products and promptly take advantage of them.
3. Antivirus Software: While antivirus is highly recommended, you should have multiple layers of protection in place. It is not wise to solely rely on antivirus software to keep your PC secure, as it cannot prevent infections from zero-day or newly emerging threats.
Remember to STOP, LOOK, THINK and ACT when it comes to your inbox as not all is what it seems to be.