As far as I am concerned, the Hackers win!

Written By Stephen Buyze

A few years ago I was reading an article in the Saturday Evening Post (I was at the doctors office and it was sitting on the table) and there was an article about Osama Bin Laden’s game plan was not to win a war with the US, but bankrupt the country fighting and invisible terrorist.  What I think he failed to realize is that you cannot bankrupt the country that prints the money.  I am not a financial anything, but it seems if the US Dollar is not backed by gold, the more you print, the more you have.  However, thanks to our fight against Terrorism and most every other country in the world, our debt is in the trillions, so you could say al-Qaeda and the Taliban have won. 

 

The same is true for hackers. Well, we have been lucky so far, in that none of us at Advanced Global have accidently clicked on a booby trap, leading to our data being held for ransom, or putting us out of business. I can tell you, at least for myself, my productivity is pathetic due to the amount of virus scans and “Please enter in your password” stops.   

 

Not to mention the layers we spend each month on protection.  And the best protection I am told is not protection but backups, so we can roll back before the mistake and start rolling forward again from somewhere in the past.  Seems like a Back to The Future process. 

 

Here is a picture of one of the many emails we receive – just like I am sure you do, and the steps we went thru to determine if it was or was not Ransom Ware: 

Email to all AGMSP Employees: 

Above is a screenshot of an email we received today.   

  • We do not have any dealings with Kriger Law firm 

  • Attorneys send encrypted documents, and this one is not 

  • An Efax from a SharePoint site is very unusual and to my knowledge, not something MS offers for SharePoint 

  • The fax delivery from # 998 is different than the Law Firms area code of 262 

 

For these three reasons, I was suspicious.  I googled Kriger Law and located them as a law firm in San Diago CA, with area code 619, not 262. (area code 262 is Southern Wisconsin.) I then searched Kriger Law in Wisconsin and found  Alvin H Kriger Estate Planning in Brookfield, WI.   I called them, and they verified this did not come from them, someone was spoofing their email domain.  It is a scam, and BOY am I GLAD I did not click on the link below. 

 

Please be aware of these types of phishing attacks that lead to RansomWare.  The latest ramson paid to a RansomWare criminal was $500.000.00 per Employee.  If we were held hostage for $500,000.00 per Employee, we would walk away from our data and records and start all over again with new computers and software licensing – or go out of business. 

 

FYI: Area Code 998 is in Canche, Mexico. 

 

My point is less about how we are being held for ransom even without being held for ransom, but more about the types of communications owners and Managers need to have with Employees to help them spot ransomware.  KnowB4, IDAgent, and other Employee awareness programs are great, but do not care the impact on the Employee that an email from the Owner or their Manager carries even when the message is basically the same.  Besides, annual training and Quarterly reminders from the professionals may not be enough.  Whereas an internal email reminding the Employees at the time your company is being probe is a great pro-active prevention and may avoid you going back to the future. 

 

I trust this article has been helpful in your war on Terrorism, but don’t beat yourself up if you feel the Hackers have Won, just call me and we will cry in our beer together. 

Steve

Stephen Buyze

President of Advanced Global MSP Coaching

Previous

DattoCon22 Security Vendor Meltdown:
Next

How to Pinpoint the Root Cause of MSP Chaos