I Don't Need No Friggen Backup Plan For Ransomware

Elizabeth HolmesDid I get your attention?

The picture here raised my eyebrows, because of its patent nonsense. Elizabeth Holmes stated this in an interview about being an entrepreneur.

It's a bit like Alexander the Great, who created an empire that stretched from his home in Macedonia to India, and ostentatiously burned his ships when arriving in Persia in 334BC.

As his few thousand troops were facing a few hundred thousand of the enemy, one of his commanders asked, “How will we get home?” to which but Alexander replied laconically, “We’ll use their ships.” - A forward plan, not a backup plan.

He also died when he was 32 years old. 

Now, what does this have to do with ransomware? It's a heads-up more than anything else.

The bad guys use the UK to beta test their campaigns before they launch them in America. 

Graham Cluley blogged about schools and colleges in the UK are being warned to be on the lookout for ransomware attacks, after a wave of incidents where fraudsters attempted to trick educational establishments into opening dangerous email attachments.

In itself that doesn’t sound that unusual. What makes the attacks unusual, however, is just how the attackers tricked users into clicking on the malware-infected attachments.

They called their victims.

As Action Fraud warns, confidence tricksters are phoning up schools and colleges pretending to be from the “Department of Education”.

The fraudsters request the email or phone number of the institution’s head teacher or financial administrator claiming they need to send guidance forms to the individual directly, as they contain sensitive information.

The emails, however, have a .ZIP file attached, which often contains a boobytrapped Word document or Excel spreadsheet which initiates the ransomware infection. According to reports, up to £8,000 can be demanded for the safe decryption of files on the victims’ computers.

That is, of course, money that few schools can afford to spend.

Similar scams have posed as being from telecoms providers claiming to need to speak to the head teacher about “internet systems” or the Department of Work and Pensions.

In all cases the chances of the attack succeeding are increased by the fact that it is prefaced by a phone call. We’re all very used to receiving suspicious emails in our inbox, but may be caught off guard if it is accompanied by an official-sounding phone call.

Backing up your critical data

But in addition we should all be making regular secure backups of our critical data. That way, if a ransomware attack ever does strike, it should be possible to recover without paying up. If you aren’t backing up your data, it’s you who needs to go back to school and start learning security 101. Oh, and train those users to not click on phishing links or open attachments they did not ask for.

You can wait for attacks like this in America shortly. I would have a chat with your school and warn them ahead of time. 

Let's stay safe out there.

Stu Sjouwerman

Founder and CEO, KnowBe4, Inc.



Topics: Ransomware

Subscribe To Our Blog

Get the latest about social engineering

Subscribe to CyberheistNews