It's past 10 o'clock in the evening. Maybe you opened your laptop one final time to check your email. This time, however, something is wrong.
It's slow. The files will not open. You're receiving error messages like "unknown file type" on your Windows system, or "no associated application" if you're a Mac user. Or maybe you've already been locked out.
Then the phone rings. Your IT staff is calling, and you hear the words you begged the IT gods not to hear: "We've been breached."
You look back down at your laptop, and there it is in black and white (and usually red).
The FBI’s Internet Crime Complaint Center received 2,474 ransomware complaints in 2020, and that’s just what was reported. According to Cybersecurity Ventures, a ransomware attack will strike every 11 seconds in 2021, up from every 14 seconds in 2019 and every 40 seconds in 2016.
Ransomware attacks have increased in frequency and intensity in recent years. An attack on a company’s network that encrypts critical data may cost hundreds of thousands of dollars, if not millions of dollars. According to Bitdefender’s Newest Threat Landscape Report 2020, the overall number of global ransomware complaints increased by 485% year over year in 2020.
As the worldwide pandemic continues to change business environments, more individuals are working remotely, and cybercriminals take advantage of the opportunity to attack users outside the corporate firewall. Attackers used issues related to COVID-19 to exploit fear and misinformation, as indicated by the increase in scams and phishing efforts across all platforms. In the first half of 2020, attacks focused on COVID-19-related messaging before shifting to impersonations of banking, delivery, and travel services in the second half, according to Bitdefender.
The amount of money demanded in ransom is also increasing. Demands have topped $50 million, the largest attempted ransom ever. Due to the excessive demands, several businesses said “enough is enough” and, by the end of 2020, were refusing to pay.
According to Coveware’s Q4 2020 Quarterly Ransomware Report, average payments dropped 34% to $154,108 from $233,817 in Q3 2020. They attribute the decrease to a loss of trust in hackers’ ability to delete sensitive information, citing numerous reports of data being released to the public after ransoms have been paid.
From new tech to healthcare, and from oil and gas to higher education, ransomware affects all industries. Even during a global pandemic, the healthcare sector was the most common industry targeted by ransomware in Q4 2020, according to Coveware, followed by professional services and the public sector. So any assumption that a company’s mission or service to the world will dissuade bad actors should be discarded.
How to Defeat Ransomware
So, you’ve been attacked by ransomware. What should you do next?
1. Isolate the Infection: Prevent the infection from spreading by separating all infected computers from each other, shared storage, and the network.
2. Identify the Infection: From messages, evidence on the computer, and identification tools, determine which malware strain you are dealing with.
3. Report: Report to the authorities to support and coordinate measures to counter attacks.
4. Determine Your Options: You have a number of ways to deal with the infection. Determine which approach is best for you.
5. Restore and Refresh: Use safe backups and program and software sources to restore your computer or outfit a new platform.
6. Plan to Prevent Recurrence: Make an assessment of how the infection occurred and what you can do to put measures into place that will prevent it from happening again.
This method is known as Domain-based Message Authentication, Reporting, and Conformance, or DMARC for short, and it protects your brand against spammers forging email addresses that appear to come from your domain but were not sent from your validated Outbound SMTP server.
Brands can benefit from this technology in a variety of ways, and it’s simple to implement. Continue reading to learn more about what DMARC is and how to use it to avoid phishing emails sent in your name.
How DMARC works
Due to the decentralized nature of the Internet, email as a system has several security issues that have mostly gone ignored. One of the most serious problems is that every email message has two From addresses:
· The Envelope From is embedded in the hidden email message header. Mail servers read this data as a return address.
· The Header From is the one you are most familiar with. It is visible to all email users in the From field in your email client.
To send fake emails, cybercriminals can use either of these addresses. DMARC is an elegant and trustworthy system that combines two email authentication frameworks to verify the trustworthiness of both addresses. Here's a brief breakdown of what they're all about:
· The Sender Policy Framework (SPF). SPF lets domain owners specify the mail servers that they use to send emails from their domains. This lets email providers verify that messages come from the correct server for the domain given in the Envelope From field. However, SPF is not perfect. For instance, simply forwarding an email can break the system if the forwarded message originates from an untrusted server.
· DomainKeys Identified Mail Protocol (DKIM). DKIM uses cryptography to ensure that email messages are sent from authentic sources. The cryptographic protocol is quite complex and it has not been widely adopted, which means that DKIM alone cannot reliably verify a sender’s identity. Additionally, DKIM is invisible to non-technical users and does not prevent the forging of Header From fields.
While these two methods by themselves do not provide reliable email authentication, when combined, they form a strong foundation for aligning domains with Envelope From and Header From addresses. This is where the two distinct aspects of DMARC, domain alignment and reporting, come into play.
When a DMARC user sends an email, the email provider that receives it checks whether the Header From domain has DMARC tags. If it does, the provider checks whether the Header From domain matches the Envelope From domain as verified by SPF, as well as the DKIM-certified domain name.
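The alignment check described above, as an added example (not code from the original article): it takes the SPF and DKIM results as inputs instead of computing them, follows RFC 7489 in accepting a message when either mechanism both passes and aligns, and approximates the organizational domain with the last two labels. The message, addresses and DMARC record are constructed samples.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message and DMARC TXT record (not from the original page).
RAW = ("From: Billing <billing@example.com>\nTo: user@example.org\n"
       "Subject: Invoice\n\nConstructed sample body.\n")
RECORD = "v=DMARC1; p=reject; aspf=s; adkim=r"

def parse_dmarc(txt):
    """Split a TXT record into DMARC tags; return None if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None

def org_domain(domain):
    # Assumption: the last two labels stand in for the organizational domain.
    # Real receivers consult the Public Suffix List (e.g. for example.co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(header_dom, auth_dom, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    if mode == "s":
        return header_dom.lower() == auth_dom.lower()
    return org_domain(header_dom) == org_domain(auth_dom)

def evaluate(raw_msg, envelope_from, spf_pass, dkim_domain, dkim_pass, record):
    """Return 'pass', 'no-policy', or the domain's requested policy (p=)."""
    policy = parse_dmarc(record)
    if policy is None:
        return "no-policy"
    header_dom = parseaddr(message_from_string(raw_msg)["From"])[1].rpartition("@")[2]
    env_dom = envelope_from.rpartition("@")[2]
    spf_ok = spf_pass and aligned(header_dom, env_dom, policy.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(header_dom, dkim_domain, policy.get("adkim", "r"))
    return "pass" if spf_ok or dkim_ok else policy.get("p", "none")

if __name__ == "__main__":
    # Same Header From, but envelope and DKIM domains belong to another domain.
    print(evaluate(RAW, "news@example.net", True, "example.net", True, RECORD))
    # Forwarded mail: SPF no longer passes, the aligned DKIM signature survives.
    print(evaluate(RAW, "billing@example.com", False, "mail.example.com", True, RECORD))
```

The second call shows why the combination matters for the forwarding case mentioned under SPF: the message still passes because the DKIM domain aligns with the Header From domain.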