Protect yourself from GandCrab

GandCrab detections are in sharp decline but we still have Sodinokibi and other strains of ransomware to contend with.

  • Back up your files. With regular data backups, a ransomware infection becomes a small, if annoying, inconvenience. Simply wipe and restore your system and move on with your life.
  • Be wary of email attachments and links. If you receive an email from a friend, family member, or coworker and it just sounds weird—think twice. If the email is from a company you do business with, try navigating to the company website or, if available, use the app.
  • Patch and update regularly. Keeping your system up-to-date will stop attackers from taking advantage of exploits that can be used to gain unauthorized access to your computer. Exploits, as you may recall, are the main method by which GandCrab infects target systems. Similarly, if you have old, outdated software on your computer you aren’t using anymore—delete it.
  • Limit remote access. The best way to protect against a Remote Desktop Protocol (RDP) attack is to limit remote access. Ask yourself, does this system really need to be accessed remotely? If the answer is yes, at least limit access to the users who really need it. Better yet, implement a virtual private network (VPN) for all remote users; doing so negates any possibility of an RDP attack.
  • Use strong passwords and don’t reuse passwords across sites. In the event that a system absolutely needs to be accessed remotely, be sure to use a strong password with multi-factor authentication. Granted, remembering unique passwords for all of the various sites and applications you use is a difficult if not impossible task. Fortunately, a password manager can do that for you.

How Many Phishing Sites? A Whopping 2 Million in 2020 So Far

Google has flagged 2.02 million phishing sites since the beginning of the year, averaging forty-six thousand sites per week, according to researchers at Atlas VPN. The researchers note that the number of phishing sites peaked at the start of the year, which correlates with the start of the pandemic.

The number of new phishing sites has been steadily increasing each year since 2015, but it’s now higher than it’s ever been. Google and other companies do a good job of tracking down malicious sites, but attackers can easily scale their operations and set up new sites to stay ahead of efforts to shut them down. New-school security awareness training enables your employees to spot these sites on their own.

Warn Your Employees About New Zoom Phishing Attacks

Zoom-themed phishing attacks have spiked since the start of the pandemic in Key West. We are seeing both Zoom- and Teams-themed criminal campaigns. Attackers adapted quickly earlier this year when a large portion of workers began operating remotely, and phishers are still improving their lures to exploit your organization’s dependence on video-conferencing platforms.

Scammers registered more than 2,449 Zoom-related domains from late April to early May this year alone. Con artists use these domain names, which include the word ‘Zoom’ or ‘Teams’, to send phishing attacks that look like they are coming from the official video conferencing services.

This finding isn’t surprising, since attackers always update their phishing lures to take advantage of ongoing trends and events. The BBB says users can defend themselves against new variations of phishing lures and suggests a few security best practices.

If, out of the blue, you receive an email, text, or social media message that includes Zoom’s logo and a message saying something like ‘Your Zoom account has been suspended. Click here to reactivate.’ or ‘You missed a meeting, click here to see the details and reschedule.’

Double-check the sender’s information. Zoom.com and Zoom.us are the only official domains for Zoom. If an email comes from a similar-looking domain that doesn’t quite match the official domain name, it’s probably a scam.
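
The sender-domain check described above, written out as a small triage function that a mail-filter rule or help-desk script could run over From: headers. This is an added example, not code from the article or from the BBB; the sample headers are constructed, and only the two official Zoom domains named in the text are allow-listed (Teams' vendor domains are not stated on the page, so Teams-themed senders are only flagged as lookalikes, never marked official).

```python
from email.utils import parseaddr

# Official domains named in the text; subdomains (e.g. us02web.zoom.us) are accepted.
OFFICIAL_ZOOM_DOMAINS = {"zoom.com", "zoom.us"}
# Brand words that lookalike domains typically embed.
BRAND_KEYWORDS = ("zoom", "teams")


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain part of a From: header value, or '' if absent."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].strip().lower().rstrip(".")


def is_official_zoom(domain: str) -> bool:
    """True only for an official domain or one of its subdomains.

    Suffix matching must include the dot: 'zoom.us.example.com' ends with
    'example.com', not '.zoom.us', so it is correctly rejected here.
    """
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_ZOOM_DOMAINS)


def classify_sender(from_header: str) -> str:
    """Classify a From: header as official, lookalike, unrelated or malformed."""
    domain = sender_domain(from_header)
    if not domain:
        return "malformed"
    if is_official_zoom(domain):
        return "official"
    # Lookalike: the brand word appears anywhere in the domain (including the
    # official name used as a subdomain of an attacker's domain), allowing for
    # digit-for-letter substitutions such as 0 for o and 1 for l.
    normalised = domain.replace("0", "o").replace("1", "l")
    if any(keyword in normalised for keyword in BRAND_KEYWORDS):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample headers, not real messages.
    samples = [
        "Zoom <no-reply@zoom.us>",
        "Zoom Support <account@zoom.us.example-login.com>",
        "alerts@zo0m.us",
        "billing@example.com",
    ]
    for header in samples:
        print(f"{classify_sender(header):10} {header}")
```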

Never click on links in unsolicited emails. Phishing scams always involve getting an unsuspecting individual to click on a link or file sent in an email that will download dangerous malware onto their computer. If you get an unsolicited email and you aren’t sure who it really came from, never click on any links, files, or images it may contain.

Resolve issues directly. If you receive an email stating there is a problem with your account and you aren’t sure if it is legitimate, contact the company directly. Go to the official website by typing the name in your browser and find the ‘Contact Support’ feature to get help.

Security awareness training will help your employees avoid falling for video-conferencing attacks by keeping them up-to-date with evolving phishing trends.