Cyber Security
Sappi

Ransomware is out there.

Let’s keep it that way.

Ransomware is a vast criminal industry.

Every day, all over the world, all kinds of businesses are being attacked by ruthless digital mobsters who hijack their data and demand huge ransoms to return it.

Here’s the lowdown on how this racket works – and how you can stop it from happening to you and your team.

Who are these guys?
They are not nice people. Ransomware attackers are organised criminals, often operating in large syndicates. Their identities and whereabouts are hidden, and they often demand payment of ransoms in cryptocurrency to stay anonymous.
How do they do it?

They use several sneaky tricks to break into a company’s data system…

The phishy mail
Often they enter via a phishing email – sometimes disguised as a message from someone within the company or one of its suppliers – that asks the recipient to click on a link or download an attachment that will download malicious code.
The dodgy click
Sometimes a staffer will visit a malicious website while using an office computer and unwittingly download ransomware code. That code can then infect that computer – or even the company’s whole system – and encrypt (or lock up) the company’s valuable data.
The stick-it-up
Sometimes the crooks leave infected USB sticks in public places, hoping somebody uses them at a work machine and unknowingly uploads the code.

AND THEN, WHAT HAPPENS when these hackers are successful?

Once the data is held captive, the business cannot operate properly. The invaders demand a hefty ransom in cryptocurrency to release it. They might also threaten to release the data to the media or a public server, thus revealing confidential or damaging information. There’s often no option but to pay up.
SO … HOW CAN WE prevent a Ransomware attack?
1. Don’t buy the phish

Whenever an email is unexpected, unusual, or weird and asks you to download ANYTHING, think thrice before doing so. Check the sender’s full email address – is it a legit company address? Often the ransomers will impersonate a colleague or a supplier in an email.

2. Don’t click on tricks

Only visit websites you trust, and avoid clicking on pop-up windows. Ransomers can even create fake versions of websites, such as online banking portals, to lure you into downloading ransomware.

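Always ensure the site you visit is an HTTPS site, and check that the address itself is the one you expect: HTTPS protects the connection, but a fake site can use it too.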

3. Don’t pick up sticks

Only use Sappi-approved USB/thumb drives, and don’t lend them to other people. Don’t use any random stick floating around the office. USB drives always carry security risks: they can easily be lost or stolen, and if they contain sensitive or confidential information, that could lead to data breaches or unauthorised access to company data.

4. Keep your apps snappy
Download the latest version of all your apps and your operating system, and install the latest security patches while doing updates. If your software is old, it is vulnerable to new-fangled attacks.
5. Don’t expose yourself in public
Whenever you use a public Wi-Fi network, avoid making important transactions and make sure you have a VPN service operating, which will protect your system from intruders. Public Wi-Fi carries a greater risk of ransomware attacks and other threats.
6. Polish your passwords
Use Multi-Factor Authentication (MFA) and create strong, secure passwords. Change your passwords every so often. Never share or store your login details on a public PC. Be cautious when making payments online.
7. Stop the bot

If you notice any dodgy activity on your PC, it’s not too late to act.

Quickly take the following steps:

  • Reset your password
  • Disconnect your network cable
  • Report your concerns to IT Support
  • Contact your IT Support and request a malware scan for your computer
Cyber Security is a team sport