The Threat of Ransomware is Rising During COVID-19 Crisis

Becky works for Dan and she’s working from home. She just opened this email. She doesn’t know where Dan is at the moment or what he’s working on. To keep things moving along she’s reacting quickly to every email. So Dan’s short note gets her attention right away.

The problem is that this email isn’t from Dan. It’s a phishing email from a hacker who is trying to get Becky’s username and password to their accounting system. And when Becky clicks the link in the email, and goes to a login page that looks like her accounting system’s login page and enters that username and password, the hackers now have an open door to take their accounting data ransom.

This scenario isn’t fictional. It’s how most ransomware cases begin.

The Threat of Ransomware is Rising

The risk of ransomware has grown now that more of us are working remotely.  Hackers are using the COVID-19 crisis to create urgency in their emails, and to play off people’s emotions. Even before COVID-19, ransomware has been on the rise in commercial service companies. 

Ransomware uses technology to encrypt a victim’s files, effectively locking them out of their data. The attacker then demands a ransom from the victim to restore access to the data upon payment. 

Both the City of Durham and Durham County, North Carolina were recently crippled by a ransomware attack.  It took down websites and phone lines to fire and rescue along with countless other services.

The Durham attack was initiated by an employee clicking a link or opening an attachment in an email that brought down the city and county’s operations. “These viruses are just rattling door knobs,” said Durham Mayor Steve Schewel, “and they’re seeing what’s open.”  “This is not rare. This is common. This was not a question of if this was going to happen, this was a question of when this was going to happen. And the question is if we are prepared?” 

How do you keep members on your team from inadvertently opening the door for hackers to access your business data?

Educate Your Employees

With many if not all employees working remotely, now is a good time to educate or remind employees to watch out for potentially harmful emails. At the 2019 Digital Wrap Conference, ServiceTrade Customer Success Project Managers Patrick O’Neill and Dax Beaton shared four ways to sniff out a stinky phishing email in your inbox. 

Branding

The branding, from email address, and reply-to email addresses are incorrect.

Attachments

The email has attachments that you’re not expecting. Don’t open unexpected attachments without first checking with the sender. And never open an attachment from a sender that you do not know.

Language

The tone or language patterns don’t match those of the sender. Everyone makes typos, but misspellings are another red flag if you’re already suspicious of an email.

Links

Links don’t go you where you think they will. For example, if you get an email from one of your providers asking for payment that doesn’t seem correct, don’t follow the link provided in the email. Open a new browser window and go directly to the vendor’s website to login and check it out.

So what should you tell your employees?  Show them these examples and make sure they are on the BALL, especially when working from home. If they receive a suspicious email, look for potential red flags, including the email’s:

• Branding
• Attachments
• Links
• Language

Earlier this month a customer told us that their accounting server was attacked and that having their customer service data in ServiceTrade saved their business. Even though they couldn’t reach their accounting system, all the data was there, in ServiceTrade, unaffected by the attack. With their ServiceTrade data they were able to piece things back together with their customer information, service history, and everything that still needed to be billed to customers.

Unfortunately for many businesses, it’s not a question of if you will be the victim of a ransomware attack, but when. With many, if not all, of your employees working remotely, now is an important time to educate them and take proactive steps to protect the business you’ve worked so hard to build. 

If you have questions about these types of attacks or why ServiceTrade’s cloud-based software is immune to them, please share them in the comments below.