The IT Nerd

Ransomware operators are strategically targeting enterprises, disabling critical systems, and publishing stolen data. The average ransom demand has increased 144% and the pressure to pay is evident with payments met more than half the time. Industries of all types are being targeted, with critical services and infrastructure no longer immune to attack.

This leads to the question of how you can protect yourself from a ransomware attack? Or if you are the unfortunate victim of one, how do you minimize the impact?

Eric George, Director, Solution Engineering at PhishLabs by HelpSystems says:

“Businesses that fall prey to ransomware often feel helpless determining a solution post incident because the threat itself is in a constant state of evolution. Determining what action your organization should take in the wake of an attack is more than a binary decision and must be approached in a comprehensive manner that adds layers of depth to existing security measures.

Ultimately, enterprises experience the most pain when they are faced with compromise and lack options or a clear path of action. If unprepared, enterprises can find themselves in a situation in which the only viable option is to pay the ransom and hope the threat actor honors the agreement. Multiple ransomware actors and complex campaigns make this choice problematic however, as compromised data is likely to be leaked or sold regardless of whether the ransom is paid.”

This is why PhishLabs has a security playbook that can help an organization.:

1. Identify and mitigate attacks before they occur
2. Maintain broad visibility into data leaks and threat actor activity
3. Prepare a plan of action in the event data is further compromised

You can find the playbook here. I had a look at it last night and I believe that this will be really helpful to organizations of all sizes as threat actors are targeting everyone these days.

Social media as a threat channel saw a two-fold increase in attacks throughout 2021, according to the latest Quarterly Threat Trends & Intelligence Report from PhishLabs by HelpSystems, the leading provider of digital risk protection solutions.

In Q4 and throughout 2021, PhishLabs analyzed hundreds of thousands of phishing and social media attacks targeting enterprises, their employees, and brands. The report provides an analysis of the latest findings and insights into key trends shaping the threat landscape.

According to the findings, the number of social media attacks per target increased 103% from January 2021, when enterprises were experiencing an average of just over one threat per day. In December, enterprises averaged over 68 attacks per month, or more than two per day.

Additional Key Findings

• Hybrid Vishing (voice phishing) attacks initiated by email increased 554% in volume from Q1 to Q4.
• Phishing volume has grown 28% year-over-year, with half of all phishing sites observed in Q4 being staged using a free tool or service.
• Malware delivered via email nearly tripled in Q4, led by a resurgence in Qbot and ZLoader attacks. 
• 70% of advertisements for stolen data took place on chat-based services and carding marketplaces in Q4. 
• The percentage of attacks targeting financial institutions increased from 33.8% in Q1 to 61.3% of all phishing sites observed in Q4.

Additional Resources

To learn more about the report findings and what recent changes to the threat landscape mean for businesses, attend the live webinar at 2 PM EST today or watch on-demand: https://www.phishlabs.com/webinars/details/?commid=528515.

To access the complete PhishLabs Quarterly Threat Trends & Intelligence Report, visit:m https://info.phishlabs.com/quarterly-threat-trends-and-intelligence-february-2022.