Bay Area IT Support & IT Services

The Intivix Blog

Business IT Articles, News and Tips

Ransomware Attacks Have Become More Refined – And More Personal

Ransomware has been a massive problem for businesses of every size, across every industry for the past several years. 2016 saw a record number of infections cause irreparable damage to thousands of businesses, and seriously inconvenience countless others. With 2017 set to see an even higher infection rate, companies need to make sure that they have the latest security measures in place to defend their networks and valuable data against this threat.


However, something that some businesses still fail to understand is that security measures alone aren’t enough. Part of the reason ransomware is so prevalent and so compelling is that there is a component of human error involved that makes it an extremely successful tool for cybercriminals. Hackers have learned that if they can’t get to your data directly through your network, they can get to it through your employees.

Phishing scams and social engineering have long been preferred means of gaining that access, and businesses who put an emphasis on training their staff to spot these attempts and avoid them are miles ahead of their unprepared counterparts where cyber security is concerned. Emails pretending to be internal correspondence or correspondence from associates, or notices from financial institutions or government agencies are common and easily recognized by those of us who know what to look for.

But there is a new tactic emerging that businesses need to be wary of; phishing scams disguised as service or product inquiries. A few red flags you should be on the lookout for when opening or responding to emails requesting information about your company, services, or products include:

  • Cagey responses from the sender once communication has been established (non-specific answers to your questions, refusal to speak over the phone or meet face-to-face, failure or refusal to provide specifics about themselves or their company, etc.)
  • Broken or clumsy English in the initial or subsequent emails
  • Attachments sent in an incorrect or unusual format, such as files typically appearing as a spreadsheet being sent as a Word document
  • Business emails sent from a generic domain instead of a company domain (Gmail, Hotmail, etc.)

Something else that makes these types of phishing attempts such a challenge is that they might not be trying to introduce the ransomware virus directly onto your system or network. Instead, embedded links or attachments might contain some type of code meant to give the hacker a foothold inside your network, or use an application already installed on your system as a launching pad of sorts – a method of running the malicious code without your knowledge and downloading the actual virus from the hacker’s online server.

Just deleting suspicious emails isn’t always an option. When you’re dealing with potential new business, you don’t want to throw away a prospective client over poor grammar, or a lack of computer skills that could result in wonky attachments. Some of these red flags could be honest mistakes, but could just as easily be signs of something more sinister. There are many resources available online that can help you to screen suspicious emails without opening potentially harmful attachments. Get in touch with your IT support provider to learn more about these tools, and discuss the options available to not only step up your network security but educate your staff on the dangers of cyber threats.

Want to learn more about the steps you can take to protect your business from threats like ransomware? Contact us at [email protected] or (415)-549-9681. We’re the IT professionals businesses in {city} trust.