Ransomware
09 Apr
I recently had the pleasure of attending an emergency response seminar about ransomware. There were a few hospitals represented as well as government employees too. Everyone represented Palm Beach County. What I realized is everyone talks about what to do if the systems are down but no one talks about prevention.
First let me preface by saying that nothing is 100%. You can have all the security software in place, firewalls etc., but as soon as someone either opens a link they shouldn’t or clicks on something on the internet they shouldn’t, it’s over. An example of software is Proofpoint – it is a good tool, it disables all downloads as well as checks the site, but the user has the option to exit the software and it only works with email links. Most companies are now putting a header on emails from an external source and some are even limiting outside email access. From experience I can tell you that ransomware spreads fast. It shuts down everything and it targets your backups first.
But this is all reactive, not proactive.
Why doesn’t anyone take the time to educate users on what to look for? I’ve heard all the excuses. “I get so much email, I don’t have the time to look at everything” “I was just looking for something and suddenly things just popped up”… It goes on and on. Users need to pay attention to what they are doing. Most companies have an orientation when they hire new employees, why not make this part of the orientation?
Here’s an example of what a user may see:
Notice the email address –
Ace Department <editor@mailb.pjnewsletter.com>
Notice the to address:
To: reporting5@att.net
Then it says Congratulations and there’s a link to click for a confirmation. To the trained eye it screams fraud. However, to someone not thinking, they will click on that and who knows what happens next. But, if you show the user what to look for, then perhaps they will discard the email in this case. Same with the internet, things pop up unexpectedly telling you that if you click this then you’ve won. But it’s the same thing. You click on the link and then you’re infected. In my private business I’ve had many users who call me up telling me they clicked on something and now they can’t get to their bank. This is called a hijack. The page gets hijacked, and you can’t get to your site. Every time you click on your site, you get the same redirect page, and you can’t get to where you want to be. You must go in and clear the cache, but that’s if you’re lucky. The other option is you clicked on a link and now your PC shuts down and everything is lost.
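The checks described for the sample email above (who it is from, who it is addressed to, and a "Congratulations" message with a link) can also be applied automatically, for example to add the external-sender header mentioned earlier. This is an added example, not something from the original post; the internal domain `example.org`, the `delivered_to` mailbox, the link in the sample and the function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: the organisation's own mail domain(s).
INTERNAL_DOMAINS = {"example.org"}
LURE_WORDS = re.compile(r"\b(congratulations|you(?:'ve| have) won|winner)\b", re.I)
LINK = re.compile(r"https?://\S+", re.I)

# Constructed sample modelled on the message described in the post;
# the link is a placeholder, not a real address.
SAMPLE = """\
From: Ace Department <editor@mailb.pjnewsletter.com>
To: reporting5@att.net
Subject: Congratulations

Congratulations! Click here for your confirmation: http://confirm.example.invalid/c
"""

def domain_of(addr):
    """Return the lower-cased domain part of an address, or '' if none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def review_message(raw, delivered_to):
    """Return the warning signs found in one plain-text message."""
    msg = message_from_string(raw)
    _, sender = parseaddr(msg.get("From", ""))
    listed = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = {addr.lower() for _, addr in getaddresses(listed)}
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"

    findings = []
    if domain_of(sender) not in INTERNAL_DOMAINS:
        findings.append("external-sender")        # came from outside
    if delivered_to.lower() not in recipients:
        findings.append("not-addressed-to-you")   # To: is someone else
    if LURE_WORDS.search(text) and LINK.search(text):
        findings.append("prize-lure-with-link")   # "you won" plus a link
    return findings

def external_banner(findings):
    """Subject prefix a mail gateway could add for outside senders."""
    return "[EXTERNAL] " if "external-sender" in findings else ""

if __name__ == "__main__":
    result = review_message(SAMPLE, "jane@example.org")
    print(external_banner(result) + "Congratulations", result)
```
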
Let me also say that I was shocked to find out that most places do not lock down their internet or perhaps administrators don’t know how… Personally, I lock down my internet. I only allow users access to what they need, not what they think they need or want. Ransomware is expensive. It takes out all systems it hits by encrypting everything, rendering it useless. I would hope that companies don’t pay the ransom, although someone did say why not pay. I said pay? That’s like someone robbing your home and calling you to pay to get your stuff back. And in addition, who’s to say that you will get that encryption key to unlock your systems? Also, if they got you once, chances are they will get you again because they will try again.
So what is the answer? In my opinion companies need to take the time to educate their users, lock down internet access and use as many tools as they can. But it all starts with the user. Show them how to look at the sender’s email address. Show them that they did not win the contest they didn’t enter. Show them that they need to be aware of what they are doing on the internet and most importantly, hold drills. Meaning send out test emails to see what they do. Maybe send them to a site and see if they are tempted to click on that link. AND HOLD THEM ACCOUNTABLE!! No one gets held accountable. I’m not suggesting you fire the employee; I’m suggesting you hold them accountable by having them take a review on what to do. If companies do not try to prevent the infections from ransomware or other viruses, then they are vulnerable. Virus protection will not protect you either. Virus protection is only as good as its last update. Don’t get me wrong, it’s a good tool but it will not prevent something new.
For the home users, you need to think before you click. Ask yourself: did I order anything from FedEx? Do I even have an Amazon account that is locked, and if I do have an Amazon account that is locked, then why would they send me an email? Try to login to your Amazon account if you want to make sure that is wrong. Did you even order anything as the email says you did? You must use your head to realize that things are traps. People will try to steal your data, identity, even your money if you are not careful. Personally, I almost fell for the Zelle scam before I realized that it was impossible because I wasn’t expecting any money from someone I didn’t know. This is the best way to keep your information safe. If something doesn’t look right, it’s probably not right. Close your browser and start again. Delete that email and if it’s real I’m sure the company will find you. CHECK THE ADDRESS OF THE SENDER! abcfgik@xxx.com isn’t real. Stop, look and THINK…