Everyday we use the internet for a variety of reasons and each time we do, we are exposed to potential cyber security threats like the ones discussed in our last blog . Today, while researching trends about cyber security, the team at Maryland Computer Service found data covering the concept of Ransomware coming to the cloud utilizing a phishing scheme to get email users to accept the terms and conditions of a site, which gives the hacker the ability to control the victim’s emails. Be careful this is really tricky as it looks like it would make perfect sense to approve, but can have dire consequences for the company.

            First, I’m going to walk you through what occurs in this new kind of attack, called RansomCloud, then I will walk you through some of the things you can do to protect yourself from this kind of an attack and why it is so important to have a great IT Service Provider, working with you to protect your company, employees, and clients from cyber security threats.

What is RansomCloud?

            RansomCloud is a term for an evolution in ransomware that hijacks your software that is on the cloud, as well as files on computer and files that user has write access on the network, encrypts it, and demands a ransom in exchange for decryption.

How does RansomCloud work?

            The following are what will occur when you experience a RansomCloud attack:

1. Receive a valid looking email, but is really a phishing attempt, that the recipient clicks on.
2. In the email, there is a link to a seemingly helpful service, like spam protection from Microsoft, so the user clicks on it.
3. The user arrives at a site that looks familiar and logs in, which means the hacker now has access to their username and password.
4. A request to approve right to access data, contacts, emails, files, and logging in. You click and accept the terms.
5. When you go to access your email, you can see the titles of the email, but the contents are encrypted.
6. A message pops up telling you how to get access back most commonly by paying a fee via cryptocurrency.
7. If you already hold cryptocurrency, you pay and receive access to your emails and files again. If you don’t you have to go through the process of setting up a wallet, buying crypto, then sending it to the account you were told to send it to.

What should I do after a RansomCloud attack?

            There are several things you should do after a RansomCloud attack:

1. Make sure there are no lingering tracking software that can capture information and re-encrypt your information.
2. Notify all employees to change log-info so that the passwords are not the same.
3. Make sure to update all systems security features to include the sending party as a known risk.
4. Notify your email provider so they can include it as a known risk.
5. It’s also a good time to have your staff do training sessions about best practices utilizing email and cybersecurity. If you don’t have a training program set up, Maryland Computer Service will be happy to help you create one.

Taking the previous steps can help prevent a RansomCloud attack from happening again.

How can I prevent a RansomCloud attack from occurring?

As discussed in “What do I need to know about cyber security?”, some of the thing that can be done to prevent cybersecurity risks, including RansomCloud attacks are:

1. Keep all systems updated.
2. Train employees on proper cyber security practices.
3. Use endpoint protection software like Webroot.
4. Backup your systems frequently so that you don’t lose as much information if you have to reformat or replace your system.
5. Use qualified third-party IT management to assist you in achieving cyber security best practices.
6. Avoid common and default passwords.
7. Hover over links before clicking to verify they are legit.
8. Use DNS filtering solutions to block known threats.

I know this all sounds like a lot to handle, especially while running a customer-centric business. That’s where a managed service provider, like Maryland Computer service can help. Offering services such as data security and monitoring, data recovery, ransomware and spyware protection, malware removal, and network security, we are uniquely qualified to help you find solutions that will help you focus on what you do best with peace of mind knowing that you are proactively taking the steps to protect your, business, clients, and family from the threats of cybersecurity. To learn more about our services, visit us here or contact us by e-mail or phone at 301-202-6521.