Hackers

Ransomware Attack costs Baltimore $18 Million

Bitcoin 2.jpg

On May 7th 2019, Baltimore city officials announced that a relatively new strain of ransomware labeled “Robbinhood” by The Baltimore Sun had encrypted important data including email, voice messaging, the city wide parking ticket database, and the cities utility and tax payment system. It has been determined that the hackers got in via a phishing email- a phony message tricking network users into giving hackers their credentials.

The Maryland city is still struggling to respond to hackers as over a month later as Baltimore city mayor Bernard Young has refused to pay the ransom of $100,000 in Bitcoin (an online currency that is hard to trace and has a wildly fluctuating value). Since refusing to pay the ransom the hackers have gone on twitter taunting Mayor Young posting faxes and other materials that the twitter account claims is evidence that they have been inside the cities network.

In a direct message to a Baltimore Sun reporter on Twitter, the account claiming to be the hackers said they have “ Financial documents and citizens personal information” and went as far as to release them on the dark web.

It is estimated that the total cost of the ransomware attack is going to cost the city of Baltimore over 18.2 million dollars- and that is assuming the hackers do not leak financial or citizen’s information onto the dark web.

How this could have been avoided

  1. Offsite Data Backup

    If the city of Baltimore had been backing up their data to either the cloud, offsite servers, or a combination of both, they would have had a recent backup to fall back on and continue operations with the only data being lost was that since the last back up. Trusted IT partners like Current Technologies can help implement regularly scheduled offsite backups and help you restore your data in the event of a would be catastrophe.

  2. Cyber-Security Protection

    Many ransomware attacks that hit cities or businesses occur due to outdated security technologies like firewalls or anti-virus software. In today’s day and age, hackers can scan thousands of organizations looking for specific vulnerabilities that only the latest software and hardware can prevent. This is why it is important to consult with your IT provider regularly to insure that your data is kept safe.

  3. Employee Training

    The entire Baltimore city hacking could have prevented had one employee not mistakenly given their credentials to a phishing email. It is important to have regular discussions with employees about good internet practices. Important practices include reporting spam emails, avoiding suspicious links and online ads, and regularly changing and strengthening passwords.

The threat of a cyber attack is never ending, and a majority of events like this occur to small businesses and cities and if it happened to a large city like Baltimore, it can definitely happen to you. No solution will be 100% effective, however the more security layers you have in place the safer you will be. If you are concerned that this could happen to your organization, contact the security experts at Current Technologies. Our IT team will help with data encryption, offsite backups, monitoring and disaster recovery. If you have your own IT team but are still worried, Current Technologies can bring you the latest versions of security software and hardware to make your IT team as effective as possible.

Reminder: There is a Hacking Attempt Every 39 Seconds

Name *
Name

We Value Your Feedback!

Was this information helpful?
Was this an interesting read?
CurrentTech_Horizontal (1).jpg

Helpful Hackers- They Do Exist

Hacker.png

Business IT systems are complicated, you know that. You've invested in security for your systems, but you're worried that there are still holes in your defense, weak spots between all the bits and pieces that make up your total networking and computing infrastructure. How can you feel confident in your security? You have to welcome a hacker into your midst.

It sounds counter-intuitive, welcoming a hacker (or team of hackers) to come and break into your network and your most sensitive data stores. But that's exactly what pen-testers (short for penetration testers) do—launch non-harmful, sophisticated attacks and probe to see if your network can handle the worst the world has to throw against it. Pen tests are almost always valuable, but to get the most from the exercise there are several things you can do.

1. Turn Them Loose

Too many pen tests are hampered because the client places significant limits on what the pen testers can do. One frequent example involves spear-phishing and social engineering. Will you let the pen testers send email messages to employees trying to tempt them into giving up network credentials or privileged information?

Some companies say they do not want to risk embarrassing employees, so they forego testing the human element of the network. If you do not run these tests, you lose valuable opportunities to see how well corporate training has been put to use by employees. The key is to not single out employees and treat any successful spear-phishing attacks as opportunities for education, not punishment.

2. Define Goals Before You Start

Is the purpose of the test to inform regulatory compliance efforts? Are you trying to see where weaknesses lie before starting a new security purchase cycle? Do you want to give your InfoSec team information before they begin revisions to the corporate security policy? Is this just part of your regular cycle of testing the effectiveness of your security?

Being clear about what you want to achieve from the test, and communicating that information clearly to the pen testing team, will help make sure the pen testers are working with you to be most effective.

3. Do Not Hire Them

Some executives resist pen testing because they worry that the results of the test could become subject to the discovery process in the event of a lawsuit. That is a legitimate concern, but there's a way around it.

Let your law firm hire them. If outside counsel hires them and delivers the report to you, then it is privileged communication and is immune from legal discovery. You get the results, everyone gets protection, and everyone (on your team) is happy.

“Hiring” a team of hackers can be the best thing you do to strengthen your network security. Do your homework on the firm you hire and follow the tips above, and you'll end up with a sound picture of where your security is doing its job—and where you should start immediately patching the holes. Our team at Current Technologies specializes in building state of the art security systems to your specification. If you already know where the holes are from a pen-test, it will be a breeze to have us patch them up for you.

Need Help Passing Your Pen-Test?

Name *
Name

We Value Your Feedback

Was this information helpful?
Was this information helpful?
CurrentTech_Horizontal.jpg

Survey Says, Poor Server Security is Still an SMB Issue

cyber-security-cybersecurity-device-60504.jpg

Server Security is Key for SMBs to Land Large Customers


Hacking one network to access another more lucrative network is a common hacker tactic. Increasingly, the first network to be hacked likely belongs to an SMB. When an SMB is networked with a larger customer, a vulnerability in the SMB’s network might translate to a vulnerability in the customer’s network. By hacking an SMB, a hacker learns how to get into the customer’s network, what that network can do, and about any access credentials and procedures. Hackers can lurk for as long as they like, looking all the time like an authorized supplier.

Online retailers with a database of credit cards could see those details stolen thanks to a virus or Trojan horse that infects a delivery company, manufacturer, cloud-CRM supplier, or any other company in their supply chain with access to their IT network. The hackers don’t have to act immediately. They can wait until Black Friday or Christmas.

That means SMBs’ IT security is coming under more scrutiny from their large enterprise customers. SMBs are also likely to see security operational conditions show up in their partner contracts. Failing an IT security test could mean not getting (or losing) a contract—and not just an IT-based contract.

The customer will want the right to show up for unannounced network, software, and facility spot checks. Naming and shaming is also likely. It’s in the larger customers’ interests to let partners know when one of their number has been caught with inadequate security and terminated.

Customers might also expect the SMB to agree to be held liable if a breach is traced back to it.

So far, enterprises looking closely at their supply chain and small business partnerships aren’t always liking what they find.

Kaspersky Lab’s Global IT Security Risks Survey found:

  • There has been an eight percent fall in the deployment of anti-malware solutions on mobile devices.
  • 44 percent of businesses don’t have a fully implemented security solution.
  • 52 percent of respondents think that their organization needs to improve its incident response plans for data breach and IT security events.
There are only two types of companies. Those who have been hacked and those who don’t know they have been hacked.
— John T. Chambers, Former CEO of Cisco Systems

Leadership Required- Legitimate Server Security Begins at the Top

Only 54 percent of respondents said they were sure senior (non-IT) personnel within the organization have a good understanding of the IT security risks their companies face. That is not an encouraging sign when 90 percent of businesses have experienced some form of external threat.

One thing cautious enterprises are likely to be asking themselves is if the leadership teams of their suppliers have made security a priority. Finding out those teams aren’t even aware of the scale of the problem will not reflect well.

The first job an SMB’s IT professionals face might be one of internal education.


Let Us Help You Break Away From Those Statistics

Name *
Name

We Value Your Feedback!

Was This Information Helpful?
Was this an Interesting Read?
CurrentTech_Horizontal.jpg