KnowBe4 Security Awareness Training Blog

A Lawyer's Look at "Big Game Phishing"

Written by Stu Sjouwerman | Oct 17, 2019 10:50:18 AM

Ransomware attacks have increasingly been going after high-value data in order to extract larger ransoms from victims, according to the well-known law firm Cooley. This trend was highlighted by the FBI’s recent warning about high-impact ransomware events. These attacks can target any type of organization that would be crippled by losing access to important data.

Attackers usually gain access via a phishing attack or a network configuration vulnerability such as an exposed RDP port. Once they’re in, they can move throughout the network and identify critical data before launching the ransomware attack.

Cooley says three of the most valuable targets for an attacker are “(i) high-value data or assets, such as trade secrets or personally identifiable information; (ii) critical timing issues or red-letter dates, such as tax-filing deadlines or the start of a new school year; and (iii) data backups.”

Additionally, Cooley points out that the costs associated with a ransomware attack include “not only paying the ransom demand but also expenses associated with lost business, time, files, equipment; wages; third-party remediation services; or higher insurance premiums.”

For large companies, ransomware attacks can be extremely costly, and for smaller organizations, one of these attacks could be a business killer. Organizations need to invest in countermeasures to prevent attackers from getting in. New-school security awareness training can address the human element and prevent your employees from falling for phishing attacks. Cooley has the story: https://cdp.cooley.com/big-game-phishing/