The latest edition of Social Engineer Newsletter includes an article on the psychology behind ransomware. The author, Mike Hadnagy, talks about why people fall for ransomware attacks and then gets into some methods that help protect people from this crime.
Hadnagy uses a few different examples, but the one that stands out is something that happened to his friend a few months ago. She was at work processing invoices, and she opened an email that looked legitimate. The attachment was supposed to be an invoice, and she didn't notice that the email wasn't sent by a legitimate party. Shortly after opening the email and attachment, she was presented with a Cerber Ransomware instruction screen.
What happened here is easy to see: the victim was absorbed in her work and automatically started processing her next task (the email) without realizing that the task had been poisoned by an attacker. We've blogged about this before: the user is the weakest link in the organization because the user is subject to fatigue and distraction. Criminals know this, so they do their best to reach specific individuals with an email based on a believable premise.
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. In this role, she helps bring Barracuda stories to life and facilitate communication between the public and Barracuda internal teams. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.