Blog Layout
What is a Cyber Ransomware Attack?
A week does not go by without us hearing the term ransomware. The most recent case was Garmin , the GPS device and services provider, which confirmed on Monday that the worldwide outage starting on July 23, 2020 that took down the vast majority of its offerings for five days was caused by a ransomware attack. Another big example was the “WannaCry” cyber ransomware attack, which spread globally and has caused roughly $1 billion USD in damage. It also infected approximately 300,000 computers worldwide. As we continue to hear about ransomware, let’s pause and understand what exactly is this “ransomware” that has all of us concerned and causing companies to pay thousands to millions to regain access to their networks.
- Ransomware” is malicious computer software built by a hacker that has the sole purpose of rendering your computer or device useless; unless you are willing to pay the hacker a specified amount of money, i.e. the ransom. Just like in the kidnap scene of the Hollywood blockbusters “Die Hard”; the hacker takes your computer or device hostage and requests payment(s) in order to have them either not harm your data or to release it.
- The harm to your data can be done by the ransomware program encrypting it , i.e. making it unusable or not readable by you unless you have a special way to decipher the key used by the hackers to lock your data. Even more nefarious is that the ransomware can threaten to destroy or wipe out your data or to publish it publically on the internet and elsewhere unless you pay up.
- Usually when this "ransomware" software is launched on your computer or device, it is done in a way so the user cannot just exit out of the "'ransomware" program. It may require the person to either pay by a set date/time or risk losing access to everything on that infected device. Loss means hackers will usually destroy /wipe out your information so that thereafter it no longer exists for your use.
The advice from the FBI and law enforcement community is mixed. Officially they encourage you not pay the ransom, but if you don’t have measures in place to recover the lost data, then the advice is usually “just pay.” If the option is lose your business and livelihood or part with a few thousand dollars or bitcoin, you will have to be the judge. The answer depends on what is appropriate in your situation. In the next installment we will go into detail about the effects of ransomware and how it can affect you personally or your organization.
Section four of the "Executive Order on Improving the Nation’s Cybersecurity" introduced a lot of people in tech to the concept of a “Software Supply Chain” and securing it. If you make software and ever hope to sell it to one or more federal agencies, you have to pay attention to this. Even if you never plan to sell to a government, understanding your Software Supply Chain and
Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the “incognito” or “private” mode on web browsers.
The class-action lawsuit sought at least $5 billion in damages. The settlement terms were not disclosed.
The plaintiffs had
Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets.
"These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique," Check Point researchers Oded Vanunu,
This is a question anyone can ask and should be asking on behalf of themselves and within your organizations. However, we often view cybersecurity through the lens of feeling vulnerable. In this post we explore a few ways to start to empower yourself and organization to tackle cybersecurity.
The Insider threat in cybersecurity is a tricky subject. We often don't want to approach it because, as the name says, this is someone we have given our trust to that frankly can't be trusted. However, this week we talk about cybersecurity from this angle. The internet village we all share requires us to share and trust in ways we never expected.
Leadership: A female perspective Danyetta Fleming Magana and Javeria Ayaz Malik reflect upon the role of women in crisis leadership
I had planned to share a wonderfully done newsletter article but opted to share from the heart. I've been truly blessed and honored to be in the security community for over 20 years and have many colleagues and friends who help secure our physical and virtual world.
While I admit I love the work from home and the ability to order groceries online, I wouldn't say I like watching children bullied, the elderly targeted and pensions stolen, charities losing donations, and companies going out of business due to the insecurity of our global internet village.
It was out of this place that I realized that we needed to reignite a fundamental truth that "We Are One" always connected.
Humanitarian Cyber Career chat and social media do’s and dont’s for high school and college students - please circulate this flier with your teachers and students so they register! As a part of registration they can enter up to 3 questions they’d like answered at the event. Speakers include Patricia Zebertavage (FBI), Keith Moulsdale (cyber attorney), Veda Woods (leveraging cyber to combat child trafficking), Sean Anthony Guillory, Ph.D. (Cyber automation SME), and more!
How long will I be down from a ransomware attack?
