Guest Post by Craig Petronella, President of Petronella Technology Group
Numerous cyberattacks involving ransomware have been documented. Despite ever-evolving attack strategies, the FBI highlights three main attack techniques that criminals use to avoid detection and infiltrate businesses and organizations: email phishing campaigns, remote desktop protocol vulnerabilities and software vulnerabilities.
Ransomware attacks have historically been focused on government agencies, schools, and financial firms. Now, ransomware campaigns are targeting health care organizations, industrial companies and the transportation sector.
“Companies of all sizes across all verticals need to be prepared for ransomware and have in place not only technical controls to prevent, detect, and respond to it, but also raise security awareness among staff so that any attempts to install ransomware via phishing or other social engineering attacks can be thwarted,” stated Javvad Malik, security awareness advocate at KnowBe4, in light of a recent attack that left three Alabama hospitals crippled and unable to accept new patients.
Security awareness training, up-to-date software and firmware, and verified regular backups of systems remain the best defense against attacks. If you fall victim to a ransom attack, the FBI stands firm on their statement to NOT pay the ransom.
“Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals,” says the FBI.
There is no guarantee that you will actually get the decryption key once monies are paid, and several malware strains can be beaten with freely available decryption tools (several found here). Regardless of whether you pay or not, the FBI strongly urges victims to report the incident to their local authorities.
Read the original post here.
Five Lines of Ransomware Defense
Ransomware attacks are on the rise, and while most attacks are aimed at large entities who can provide large payoffs, individuals are still at personal risk. Until money is paid, you could be looking at a total lockout of all of your files, email, and financial systems. Here are just a few ways to minimize your risk of a ransomware infection.
- Cybersecurity Training and Awareness. Be aware and be vigilant. Phishing emails are the number one way hackers access your system. Be wary of opening any attachments or links from unknown sources. Keep an eye out for misspelled words and odd links.
- Use two-factor authentication. Two-factor, sometimes called dual-factor, authentication is a second layer of protection that essentially makes you verify your identity, not just log in with a username and password. Often the second factor is an email or text code sent to your phone.
- Back up your data offline. Backups of critical data are essential. If for some reason your system is hacked, your offline backup will be safe. It can also be used to restore your system to its pre-attack state once the virus is removed.
- Change your password often. And not just by a single digit or letter. The strongest passwords are at least nine characters long and utilize a minimum of one capital letter, one number, and one symbol. Utilizing a password key can help you remember your passwords.
- Keep your software up to date. Just do it. These regular updates can help patch issues that your current version leaves vulnerable.
About the Author
Craig A. Petronella is the CEO of Petronella Technology Group Inc, a cybersecurity group that specializes in helping law firms with security and compliance. With 30 years of experience, he is the author of “How Hackers can Crush your Law Firm,” “Peace of Mind Computer Support” and other titles. MIT Certified: AI, Blockchain & Hyperledger. Phone: 919-601-1601; Helpdesk Support: 919-422-2607. For more information about a cyber-crime risk assessment call: 1-877-468-2721.