Ransomware’s Primary Attack Vector

Ransomware has been around for several years, but it is front-and-center in the public consciousness due to the recent Colonial Pipeline attack and its effects on the supply of fuel to the East Coast. Following cybersecurity best practices such as having up-to-date antivirus software, fully-patched operating systems, effective firewalls, and secured data backup are critical in defending against these attacks. NetAscendant manages these protective measures (and more) for its customers, but the individual user also has a strong part to play since the primary attack vector utilized in ransomware attacks is phishing/malicious emails.

IT-support-managed-services-cybersecurity-small-business-oil-gas-Midland-Texas-secure-lock.jpg

Please review the following tips for not falling victim to a phishing/malicious email attack:

  • If you are ever prompted to enter your email address and password after clicking on a link in an email request, err on the side of caution and don’t enter it. There is a minuscule chance that you will ever need to do so, especially from an unsolicited email.

  • If you are not sure of the email’s validity, directly contact the purported sender using contact information from official sources. In other words, do not use the phone number or email address listed in the email.

  • Be wary when opening any email attachment, especially in an unsolicited email.

  • Do not click on an embedded link in an email unless you are expecting it and are 100% certain that sender is legitimate. Even if you are sure that it is a legitimate email, be sure check the URL to see if it is genuine.

  • Never enable macros on an attached Microsoft Office (Word, Excel, etc.) document.

  • Be on the lookout for misspellings or grammatical mistakes. If you see them, alarm bells should go off.

  • Be distrustful when the email tries to create FUD (fear, uncertainty, and doubt.)

  • Do not get in a hurry. When we act rashly, we introduce risk.

  • Report suspected phishing scams to your IT group, especially if you took some sort of action.

  • When in doubt, don’t take action. It is simply not worth it.