Security Advisory - Growing Threat of Ransomware

10/12/17
T&I Information Security LogoFAQ Ransomware

Perhaps it shouldn’t be surprising, but ransomware has evolved from a drive-by mugging into something akin to a franchise business.  While many users are at least somewhat familiar with ransomware, it may be new to others—so we’ll address some frequently asked questions about this modern-day scourge.

Q:  What exactly is ransomware? 
A:  “Ransomware” is a broad term to describe malicious software that encrypts or locks up your data until a ransom is paid.  The victim receives an automated demand for a sum of money in return for the key to decrypt the data, with a warning that the ransom will increase the longer you delay.  Ransomware is generally spread through social engineering.  You may receive an unsolicited email with a resume as a Word file, or a spreadsheet with special pricing, or another file or link from an unexpected source.  Opening the file unleashes the attack.  

Q:  Why is it on the rise? 
A:  Experts say this is the worrisome part: Hackers no longer have to be particularly clever or tech-savvy to profit from this threat.  Instead, they can simply subscribe to ransomware-as-a-service to get the technology. And in the best traditions of guaranteed value you do not have to pay anything upfront.  Why is that scary?  The number of attacks will increase exponentially with the ease of use.  Also, ransomware-as-a-service increases the threat of insider attacks by disgruntled co-workers who know what data really matters to you.

Q:  How can I protect myself and my employer?
A:
  First follow basic computer hygiene: Use good anti-malware protection, and make sure your PC (and phone!) have all the latest updates (your City computer has anti-malware protection and is updated on a regular basis).  Also, you must develop a good sense of when something is “off” about an email.  Protections and updates cannot prevent all attacks; you however are one of the most powerful tools we have for protecting the City. When in doubt, don’t click!

Newsbytes Logo

 

Millennials Are Cyber-Savvy, but Not Cyber-Safe
Millennials—those between 20 and 36, born and raised during the digital era—have proven to be the most vulnerable age group online, according to a study performed by Nanyang Technological University.  Researchers say that of all those between 18 and 65 years of age, millennials had the poorest basic cyber-hygiene. According to the survey, only a third of millennials use different passwords across their online accounts, and only 36% activate multi-factor authentication.  This is a cause for concern, experts say; the digital natives are making it easy for online criminals to steal their information.

 

Report Says Smart People Do Dumb Things Online
People who identified themselves in a survey as “tech savvy” were 18% more likely to be victims of online identity theft.  In addition, those who said they had Ph. Ds were more frequently victims than high-school graduates.  These were some of the interesting findings from a survey by training company CBT Nuggets. Some of the more surprising findings included that 69% of those in the legal industry don’t care to follow online security practices, and 23% of people felt secure sharing their Social Security number with Amazon.  When asked why they didn’t follow basic security recommendations, 40% said they were too lazy, found it to be too inconvenient, or didn’t really care. 

 

Internet-Connected Teddy Bears Leak 2M Voice Messages
Spiral Toys, the maker of an Internet-connected line of stuffed animals called CloudPets, recently sprang a massive leak of customer data, including more than two million voice messages from kids and their parents.  Email addresses and passwords of more than 800,000 users were also leaked. According to security researchers, the data was left unsecured in a publicly accessible database.  The voice record database was stored by a Romanian contractor.  The data is known to have been accessed by different parties, among them criminals who held it for ransom.