security – Matt Malone's Old-Fashioned Software Development Blog
https://oldfashionedsoftware.com
Wed, 30 Sep 2020 11:12:01 +0000

School district in the U.S. surrenders to ransomware
https://oldfashionedsoftware.com/2020/09/30/school-district-in-the-u-s-surrenders-to-ransomware/
Wed, 30 Sep 2020 10:04:27 +0000

The operators of blackmail viruses have been actively looking for new niches to target over the past years. The sad truth in this regard is that entities like educational institutions, healthcare organizations and even law enforcement agencies are low-hanging fruit to these attackers. One of the latest onslaughts demonstrates this unsettling susceptibility. In mid-April 2018, an unidentified ransomware strain hit the computer network of the Leominster Public School District in Massachusetts. While the details of the specific attack vector remain undisclosed at the time of writing, the most likely entry point was a phishing email opened by one of the unsuspecting staffers. Ultimately, the district officials have admitted to paying $10,000 worth of Bitcoin to regain access to the proprietary records.

Ransomware continues to be a critical problem to users and organizations

According to the local police investigating the incident, the school didn’t maintain an offsite data backup. That’s very poor security hygiene, the kind that makes users and companies incur serious losses in various information security incursions and data breaches. As a result, part of the target’s network was locked down as the malicious code applied a strong cipher to encrypt the most common types of files spotted on the host servers.

According to some unconfirmed reports, the troublemaking program might be the infamous WannaCry ransomware, which broke out worldwide in May 2017 and crippled numerous computer networks, including government-related ones and those belonging to industry giants. Some organizations had to rebuild entire segments of their infrastructure from scratch to recover from this massive attack. The UK’s National Health Service exemplifies the harsh impact as about 70,000 of its devices were affected.

The involvement of WannaCry in the Leominster case is mere speculation, though. If it holds true, the attack probably took place via unpatched software exploited in a furtive way. One way or another, although the FBI and security professionals advise against submitting ransoms in scenarios like that, the school district elected the lesser of two evils. The officials followed the crooks’ demands and coughed up the negotiated amount of cryptocurrency.

In summary, crypto ransomware continues to be a serious concern, and organizations are much better off keeping file backups to avoid the damage.

Social network phishing attacks are an escalating peril
https://oldfashionedsoftware.com/2020/09/25/social-network-phishing-attacks-are-an-escalating-peril/
Fri, 25 Sep 2020 10:04:14 +0000

Con artists are homing in on users’ social network accounts via phishing messages disguised as verification requests or copyright infringement alerts.

Social networks such as Facebook, Instagram, Twitter, and TikTok boast huge user audiences and therefore increasingly lure online scammers. By obtaining credentials for numerous accounts, threat actors can abuse the unauthorized access to perpetrate fraudulent initial coin offerings (ICOs) or spread controversial propaganda. In some cases, crooks simply sell these details on hacker forums.

Unsurprisingly, social network accounts have become a pricey asset in the cybercriminal circles and need to be safeguarded accordingly. Since early August 2020, security researchers have been observing a spike in phishing stratagems that zero in on social network users.

The two dominant forms of these scams are described below. Go over the information to identify these hoaxes if they happen to hit you.

Bogus account verification pages

A massive phishing wave that has been gaining traction recently involves false claims about giving a user a verified badge on Twitter, Instagram, and TikTok. The first two social networking platforms are being targeted the most. The essence of the scam is to instruct would-be victims to enter their username and password in a page camouflaged as an official verification form, with all the branding elements being in their place.

Twitter fake verification page

The increasingly popular TikTok service is at the epicenter of a similar campaign, where malefactors promise video bloggers a nifty verification badge in exchange for providing sensitive information on a rogue site.

Regardless of the social network being impersonated, the distinguishing hallmark of the phishing pages’ URLs is that they include the string “badge” or “verified”. This pattern should give users a heads-up if encountered. Obviously, the credentials instantly go to scammers if typed in a pseudo-verification form.

Spoofed copyright infringement alerts

One more common phishing scam with a flavor of social networking masquerades as a copyright violation notice for a user’s recent post. The bogus warning pages claim that the Twitter or Instagram account will be suspended within 24 hours unless its owner signs in and provides the appropriate arguments on the matter.

Twitter fake copyright violation notice

A clever move of the fraudsters is that fake Instagram copyright violation notices include the target’s real profile image. This quirk makes the scam look more trustworthy. In some cases, bad actors also try to wheedle out the email account password. If given away, this access allows hackers to expand the attack surface and compromise other personal accounts.

A clue that indicates a likely scam is that the URLs of the landing pages include the words “violation” or “copyright”. If noticed, this red flag should discourage you from entering personally identifiable information on that resource.

How to avoid these phishing frauds

An important precaution is to turn on two-factor authentication (2FA) on your social network accounts. This way, crooks cannot log in unless they have access to your smartphone, which receives a secret code for confirmation. If you aren’t lucky and fall victim to one of these scams, be sure to change your password immediately.

Ransomware Dark Net Economy Is Flourishing
https://oldfashionedsoftware.com/2017/11/02/ransomware-dark-net-economy-is-flourishing/
Thu, 02 Nov 2017 13:05:32 +0000

A report presented recently by IT-security company Carbon Black stresses a 2,500% increase in the ransomware Dark Net industry, matched against the previous year.

The study supports numerous forecasts expressed by the majority of info-security specialists a year ago who said ransomware would likely have an essential role in all types of cyber-crime and get the biggest market share.

To collect information for this report, experts scanned the Dark Net for communities and sites offering and advertising all ransomware-related products and services.

Researchers found approximately 6,200 spots where criminals had offered their services with the help of more than 44,000 ads.

Rates vary greatly, from $1 to $4,000. The price variance is determined by the different economic models crooks select to sell their goods. Some charge on a per-sample basis, while others prefer monthly subscription plans.

Comparing 2016 and 2017, the ransomware economy has exploded from $250,000 to $6,230,000, a rate of 2,500%, researchers note in their report. These extortion schemes get enormous ransom payouts that totaled $1B in 2016. Earlier in 2015, it was $24M.

Ransomware-as-a-Service (RaaS) is the main driving force of the ransomware economy. Big and small RaaS portals started to appear in early 2017. These RaaS sites are all different and each works in its price niche. For instance, you can find RaaS portals offering all-in-one solutions. Some portals offer only a minimal number of services. Finally, there are individual sellers who offer just the ransomware code.

Multi-function RaaS services provide the ransomware executable file itself. They also offer delivery mediums like botnets and exploit kits. In addition, you can get a payment portal to manage ransoms. On top of that, you can rent a customer support team. All of this is available from a convenient web-based admin panel.

Reduced-service RaaS sites supply the ransomware file and just a couple of the services above, typically at more affordable prices.

Finally, there are private sellers who are virus writers. They sell just the ransomware file and allow clients to manage the rest. Some ransomware writers earn more than $150,000 a year. That is much more than the standard salary of a legal software developer.
