October is Cybersecurity Month
Know the Risks & How to Protect Your Organization
DDoS attacks and ransomware are different types of attacks, but both have malicious intentions.
What is a DDoS Attack?
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic by overwhelming servers, networks, or services with a flood of internet traffic.
In other words, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.
The key concern in mitigating a DDoS attack is differentiating between attack traffic and normal traffic. This can take time to sort out, which is why some of the recent DDoS attacks have lasted for days.
What is Ransomware?
Ransomware is a form of malicious software that infiltrates a computer, mobile device, or network and restricts access to critical data by encrypting files until a ransom is paid.
Ransomware attacks are on the rise, up 148% since the pandemic, and remain the most prominent malware threat to organizations of all types and sizes, from financial institutions to education facilities.
Every 11 seconds a business is hacked by ransomware. The most common tactics used by criminal hackers include targeting emails, RDP vulnerabilities, and software vulnerabilities.
Alarming Stats
- Malicious emails are up 600% since 2020
- Healthcare received 88% of all ransomware attacks in the US in 2020
- The average ransom fee requested has increased from 5k in 2018 to 200k in 2020.
- In 2021, the largest ransomware payout was made by an insurance company at 40 million, setting a world record.
- Since 2016, over 4,000 ransomware attacks have occurred daily in the USA.
Tech Tips to Protect Your Company
- Stay Informed: visit StopRansomware.gov, a new website from the US Government’s Cybersecurity & Infrastructure Security Agency (CISA).
- Keep computers updated & patched at all times.
- Install Firewall protection & aggressive spam filters.
- Backup your data daily on a separate device or server.
- Train employees frequently on good cyber/email habits.
- Do not open attachments or click links in emails unless you are 100% sure the email is legit from a verified source.
- Only visit verified, secure websites.
What to do if you were targeted
- Experts recommend NOT paying the ransom: 80% of victims who submitted the ransom payment experienced another attack soon after, and only 46% got their data back, but most of it was corrupted.
- Immediately contact IT
- Report the incident to the FBI & CISA
- Submit the files to CISA for analysis (visit stopransomware.gov for more info)
- Change all system passwords once the ransomware has been removed.
Learn more at stopransomware.gov.