We broke the news that at the 87th Annual Meeting of the Conference of Mayors this week in Honolulu, they decided not to pay any more ransoms as each payment encourages attackers.
A total of 170 counties, cities and state governments have been hit with ransomware since 2013.
We also broke the news yesterday that New York-based Monroe College was hit with ransomware and most of their systems were down.
It hasn’t been a good year for ransomware victims – attackers are getting better at hitting targets.
The worst part about the ransomware problem is data breaches litter the dark web with personal information which can be used with Linked In to accurately target workers in any organization. These employees become sitting ducks.
For example, Evite recently leaked almost all the information it has on over 101 million users – including email addresses.
It is very very easy for any hacker to craft Evite messages which look legitimate from people a user would expect to receive a solicitation from.
There are countless other online databases which have leaked which can be used as well. The list is nearly infinite.
The bottom line – things have gotten worse – as we predicted and will continue to do so.
Dana Tamir, VP, Market Strategy, at next-generation authentication platform Silverfort said in an e-mailed statement, “With over 80% of enterprise breaches leveraging compromised credentials, it’s important to require users to provide a second authentication factor, to validate they are who they claim to be before granting them access to sensitive resources.” She continued, “Multi-Factor Authentication has become a critical security measure as it can block credential stuffing attacks as well as other identity-based attacks.”
Making a proclamation to not pay ransoms is meaningless if you aren’t prepared in advance.
But how does one prepare?
We have put together cybersecurity essentials – a simple list which will help most organizations become far more secure.
If you are located in New York, Connecticut or New Jersey we recommend you get a free evaluation of your cybersecurity risk immediately.
Even if you have a current IT solution, it is always a good idea to get a second opinion.
The alternative could be a costly or catastrophic shutdown