Do you back up everything each hour when your system is busy, and at least once a day, if it is not? Do you disconnect your backup devices from your system when they are not actually backing up? You may have answered the first question affirmatively. However, if you answered the second, “No, I always keep my backup devices running,” you could be vulnerable to a phishing attack.
Yes, your firewalls are secure, and Kaspersky or some other top antivirus software is watching your back. But you have another exposure that can open your front door to attacks.
Here’s how phishing works: Your employee (or maybe your own child) receives this friendly looking (albeit bogus) email from someone they know or some organization they consider benign. The email has text to the effect “Wow! We really loved this picture of (insert entertainer’s name) at the last concert. Open the attachment (or click this innocent looking link) and see if you agree!”
Whether the email has an attachment or link, two alternative bad things can happen:
1. The disguised .jpg attachment
Everyone knows that a .jpg image is harmless, right? Wrong. Say the title of the image attachment is titled concert.jpg. What scammers actually do is bank on the fact that most computers hide extensions.
The actual file extension is either .exe or .zip. So the file’s name is concert.jpg.zip. The zip (or .exe) gets hidden, but click on it and it goes to work. The work can be anything from spraying hostile code to inserting bots that take over your computer and also after your contact list to propagate outward.
2. The little link that could do damage
Click on that link lure and you’ll be taken to a hostile site. The site is waiting to download the equivalent of digital landmines into your system. Or it could be a connection to the Darknet where this guy with a Russian-sounding name is waiting to kidnap your system through the pernicious ransomware attack.
And now, the double ransomware whammy…
Ransomware is not a new threat, having been around for several years. But as potential victims have grown wary of malware, and spam email is increasingly shunted to the junk box, crooks have adapted. Email phishing attachments might go beyond the social and look like an authentic invoice or electronic fax.
According to the FBI, ransomware attacks “are not only proliferating, they’re becoming more sophisticated.” Where they were once just delivered through spam emails, now unwary web surfers can trip over legitimate websites with malicious programming, which takes advantage of unprotected end-user portals.
The ransomware, once introduced, encrypts files on local drives, including anything else hooked up to the system–including backup systems and devices.
A semi-final word about backing up
If, despite all your precautions, a phishing attack is successful and you see that scary ransomware message on your computer monitor, you’ll have but two options: 1) pay the ransom, or 2) restore your system from an uninfected backup source.
Paying the ransom brings no guarantee that whoever is holding your system for ransom will send the decryption code. They might, but they are just as likely to further infect your system with additional malware. However, if you followed the advice to run frequent backups on devices only connected to your system during the backup operation, you can recover. You will only lose data entered or changed after the last backup.
Finally, the importance of a business continuity plan
Nothing will cripple your business like shutting down access to your financial and other proprietary data. The lost revenues and extra expenses can cut deeply into a business’s bottom line, and business disruption insurance won’t cover the intangibles like loss of customer confidence. So a well-designed backup protocol is just one element of an agile business continuity plan.
In the meantime, beware of bogus emails bearing dangerous attachments and links. Even if you know the originator, you can’t be sure they are not sending you a bomb disguised as a smooch.
Alary Clinitech is the trusted choice when it comes to staying ahead of the latest information on security threats, technology tips, tricks, and news. Contact us at (416) 291-7377 or send us an email at email@example.com for more information.
Thanks for helping us upgrade our Macs and get them working exactly as our business needs! Fast, convenient and very knowledgeable! You’re the best!
Alary Technologies has been our IT support team for the past year at the START Clinic for Mood and Anxiety Disorders. They have done a excellent job in upgrading our system, organization, and supporting us in technical computer matters. Compared to other IT companies we have worked with, Alary Technologies comes on top. Ahmed Kufaishi the Managing Director at Alary Technologies is solution focused, knowledgeable and makes an effort to really understand his clients’ needs. It has been a pleasure to work with Ahmed and Alary Technologies. I would recommend their services to other companies and clinics.
“We continue to work with Alary Technologies due to the fact that they are quite educated and knowledge based with current upgrades, and their commitment to their customers.”
Ahmed has been providing our company with expert IT services for close to 3 years. He has guided us through hardware upgrades, server back up procedures and was instrumental in brokering a custom software program that fully automated some key functions in our business. Ahmed has always been thoroughly professional in all his dealings with us and has provided consistent and sound advise for all of our IT requirements. We consider Ahmed and Alary Technologies to be an important partner for our business.
It is refreshing to work with someone who can organize things and describe in plain language. I have a large and growing knowledge base for my work as an architect. I have realized that I can’t do everything, that I do need a team member who can look after this one relatively small by crucial part of my practice.