2. 2 in 3 organizations fell victim to a cyberattack in 2018
3. % of cyberattack victims that were hit by a ransomware attack
30% hit by ransomware
Average: 30%
U.S.: 32%
Canada: 27%
Brazil: 25%
Colombia: 13%
Mexico: 5%
U.K.: 43%
France: 24%
Germany: 38%
Australia: 38%
Japan: 49%
India: 39%
South Africa: 38%
1 in 2 hit in Japan
4. Ransomware is a type of malicious software that cybercriminals use to extort money from their victims
22. Use a Password Manager
✔ 1Password
✔ Dashlane
✔ LastPass
✔ KeePass
23. Sophos Home
• Business-grade AV Protection for the Home
• Artificial Intelligence Threat Detection
• Real-Time Threat Prevention
• Advanced Ransomware Security
• Advanced Malware Scan and Clean
• Remote Security Management
• FREE of Charge and No Ads!
Download now from sophos.com/home
Editor's notes
Businesses and home users alike are under threat from increasingly aggressive and brutal ransomware attacks. Loss of access to critical files, followed by a demand for payment, can cause massive disruption.
But what does a typical attack look like? And what security solutions should be in place to give the best possible defense?
This presentation highlights the commonly used techniques to deliver ransomware and outlines some security recommendations to help you stay secure.
*Click to advance slide*
Cyberattacks are becoming more prevalent than ever, and they are getting ever more crafty at getting round cybersecurity defenses.
In a recent survey of 3,100 companies across 12 countries, 68% said that they had been the victim of a cyberattack that breached their network. So that’s two in three organizations hit by a cyberattack. It’s a huge issue – and we are all part of the solution.
*Click to advance slide*
30% of the organizations hit by a cyberattack experienced a ransomware attack. However, this global average masks some significant regional variations.
Half (49%) of Japanese respondents said they experienced ransomware, followed by the UK on 43%.
So despite rumors of its demise, ransomware is still one of the most widespread and damaging threats that internet users face.
*Click to advance slide*
But what is ransomware?
Ransomware is a type of malicious software that cybercriminals use to extort money from their victims
*Click to advance slide*
And it's making the news nearly every single day in some shape or form.
*Click to animate*
Cybercriminals are getting smarter and are constantly evolving their attacks, meaning ransomware isn’t going away anytime soon.
*Click to advance slide*
So how does a ransomware attack start and unfold?
First of all, hackers, using a number of different methods, attempt to gain access to your computer and ultimately, your personal files and data.
*Click once to animate the attack*
Once they have achieved this, they install the ransomware.
The ransomware then executes and encrypts your valuable files such as Word documents, Excel spreadsheets and sensitive data so that they can’t be used.
Hackers then demand a ransom payment in return for access to your files.
*Click to advance slide*
But how do hackers get access to your computer in the first place?
Attackers can get into your system in multiple ways. However, the 2 most common methods are via:
Malicious attachments contained in Phishing Emails designed to look like legitimate communications
Poisoned Websites redirecting you to malicious pages
*Click to advance slide*
Anti-ransomware technology has a key role in stopping it. But when it comes to IT security everyone has a part to play!
Educating yourself is critical in spotting bogus emails and compromised websites, both of which could give hackers an easy way into your network.
*Click to advance slide*
To help you identify and avoid ransomware we’ve put together a few quick tips that apply whether you’re in the office or at home.
*Click once to animate tips*
*Click to advance slide*
So how can you spot a phishing email?
Well, before you can spot a phishing email, it's important to understand what phishing is.
*Click to advance slide*
*Click to advance slide*
Now a question for you.
What do these three brands have in common:
*Click to animate*
Apple, Amazon, Microsoft.
*Click to animate*
They are the three most-spoofed brands used in phishing attacks.
Their global coverage and high brand recognition make them ideal brands for cybercriminals to impersonate in their phishing attacks.
To the untrained eye, a mass phishing email can easily go undetected and provide hackers with swift access to your computer.
Phishing emails will often:
Look like they come from a company/people you work for or do business with *Click to animate*
Contain suspicious looking attachments or links *Click to animate*
Ask you, in an urgent tone, for personal information such as banking details or to click a link / open an attachment *Click to animate*
*Click to advance slide*
To spot a phishing email, always check the following:
Email address – does the domain match the company’s website? The ‘From’ name might be ‘Amazon.co.uk’ but, more often than not, the email domain does not match this at all. *Click to animate*
Look out for generic, impersonal language – phishing emails are often sent out in bulk. If you don’t spot your name, be suspicious! *Click to animate*
Poor spelling & grammar and odd syntax – this isn’t always the case but, more often than not, it is a telltale sign of a bogus email *Click to animate*
With regard to attachments, watch out for file types that you aren’t familiar with or don’t use in your day-to-day work. They are often disguised as other file types to fool you into clicking on them.
If you aren’t sure about it, check with your IT department.
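The first check above (display name versus actual sender domain) can also be automated on the mail-filtering side. The following is an added example, not part of the original presentation; the brand-to-domain table and the sample From headers are constructed assumptions, with the `.example` addresses as placeholders.

```python
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> domains that brand really sends from.
# Constructed for this example; a real deployment maintains its own list.
BRAND_DOMAINS = {
    "amazon": {"amazon.co.uk", "amazon.com"},
    "apple": {"apple.com"},
    "microsoft": {"microsoft.com"},
}

def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()

def is_under(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one.

    A plain substring test would accept 'amazon.co.uk.account-verify.example',
    so the match is anchored on the right-hand end of the name.
    """
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_from(from_header):
    """Return a warning if the display name claims a brand the domain is not part of."""
    name, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in name.lower() and not is_under(domain, allowed):
            return f"display name claims {brand}, but address domain is {domain}"
    return None

# Constructed sample headers.
SAMPLES = [
    '"Amazon.co.uk" <no-reply@amazon.co.uk>',
    '"Amazon.co.uk" <order-update@amaz0n-support.example>',
    '"Amazon" <billing@amazon.co.uk.account-verify.example>',
    '"Apple Support" <id@mail.apple.com>',
]
for header in SAMPLES:
    print(header, "->", check_from(header) or "ok")
```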
*Click to advance slide*
We know this is a lot of information to take in one go so we’ve created a handy checklist!
It is meant to be used when looking at an email, to help you unpick suspicious behavior and pick out those phishing emails.
*Click*
P: Promises unbelievable things? *Click*
H: Harassment to get you to reply? *Click*
I: Instincts: does it ‘feel’ wrong? *Click*
S: Sense of urgency? Insisting you do something? *Click*
H: In that case, Hit delete!
If in doubt, report it to your IT team to make everyone else in the company aware of the phish, and hit delete!
*Click to advance slide*
How to spot bogus websites
*Click to advance slide*
The web is a fantastic place to find memes, but it’s also one of the key ways hackers are able to access your computer to install ransomware.
*Click to advance slide*
Make sure that links go to where you think they do. Often crooks will disguise a website address in order to make it look authentic.
And sometimes they use a trick known as masking. This is where the link looks legitimate but when you click on it you’re taken somewhere completely different. However, if you hover over a link before you click on it you can see where it really goes.
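The hover check described above compares what a link shows with where it actually goes, and a mail or web filter can make the same comparison. This is an added example, not part of the original presentation; the sample HTML is constructed and the `.example` hosts are placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def host_of(text):
    """Return the host if text looks like a URL or bare domain, else ''."""
    text = text.strip()
    if " " in text or "." not in text:
        return ""  # ordinary words such as "Click here" name no host
    parsed = urlparse(text if "://" in text else "//" + text)
    return (parsed.hostname or "").lower().removeprefix("www.")

class MaskedLinkFinder(HTMLParser):
    """Collect links whose visible text names one host while href goes to another."""

    def __init__(self):
        super().__init__()
        self.href = None   # href of the <a> currently open, if any
        self.text = []     # visible text seen inside that <a>
        self.masked = []   # (shown_host, actual_host) pairs

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, actual = host_of("".join(self.text)), host_of(self.href)
            if shown and actual and shown != actual:
                self.masked.append((shown, actual))
            self.href = None

def find_masked_links(html):
    """Return (shown_host, actual_host) for every masked link in an HTML body."""
    finder = MaskedLinkFinder()
    finder.feed(html)
    return finder.masked

# Constructed sample email body; the .example hosts are placeholders.
SAMPLE = (
    '<a href="http://account-check.example/login">www.amazon.co.uk</a>'
    '<a href="https://www.amazon.co.uk/orders">amazon.co.uk/orders</a>'
    '<a href="http://account-check.example/x">Click here</a>'
)
print(find_masked_links(SAMPLE))
```

Links whose visible text is plain wording ("Click here") are not flagged by this comparison, so the hover check still applies to them.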
*Click to advance slide*
A quick word on passwords. Pick a proper one!
A weak password is an easy road in for a hacker to access your online accounts.
We recommend: *Click to animate tip*
Making them at LEAST 12 characters long *Click to animate tip*
Utilizing a mix of upper and lowercase *Click to animate tip*
Including special characters *Click to animate tip*
Ensuring they are impersonal – avoid sentimental names. Hackers can derive these from your social media presence! *Click to animate tip*
We also recommend using a unique password for each online account that you have. We do appreciate that this entails problems of its own however…
*Click to advance slide*
Using a password manager will put a stop to the issue of recalling innumerable unique passwords for multiple accounts.
Rather than having to enter a password, the manager will:
Recognize the username you are entering and then…
Auto populate the password field for you.
Furthermore, should you ever change your password, the manager will recognize this and amend its database automatically.
You may feel a bit wary having all of your passwords stored in one central place, but any password manager worth its salt uses heavy-duty encryption to keep your information safe. In addition, many offer two-factor authentication (2FA), adding another layer of security.
We’ve put 4 popular password managers on the slide, but there are many options you can choose from. Most have a free version you can use, with some premium features you have to pay to unlock.
We hope you’ve found these security tips useful. So here’s one more.
Sophos Home.
It’s completely free and gives you advanced protection on your home PCs and Macs against ransomware, malware, viruses and more.
Find out more at Sophos.com/home