Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘#ransomware’

Ransomware-Cryptofortress-TeslaCrypt1-825x510

With Ransomware On The Rise What Can You Do To Protect Yourself From Ransomware Attack

June 20, 2016

The recent attacks on hospitals across the world affecting hundreds of thousands patients information globally obtained by hackers emphasize the scale of the issue. The ever rising trend of cyber-attacks on healthcare with ransomware happens mainly through phishing email and the reason being is underestimated importance of cybersecurity measures to be taken in the healthcare industry.
In the instance of Wyoming Medical Centre cyber-attack through email scam the damage involved exposure of nearly 3,300 patient’s sensitive information. The attack performed through legitimate looking phishing email to which employee have responded, and thus letting hackers an access to Hospital network enabled them to obtain patients personal information as names, contact details, health insurance details, social security numbers and other sensitive data that may cause harm if landed in wrong hands.
Based on the scenarios of recent attacks on healthcare establishments, InfoSec industry suggests in the average several crucial tips to follow to prevent corporate email network from being a victim of a phishing scam:
1. If you received excel or other files instructing you to enable some options like macros to be able to view the so called “important information” – do not do it.
2. NEVER provide your password to anyone via email
3. If you are a Healthcare Establishment – use only HIPAA compliant email service (ShazzleMD is one of them and provides an easy solution, no password required and works like any other email)
Be suspicious of any email that:
4. Requests personal information.
5. Contains spelling and grammatical errors.
6. Asks you to click on a link.
7. Is unexpected or from a company or organization with whom you do not have a relationship.
If you are suspicious of an email:
8. Do not click on the links provided in the email.
9. Do not open any attachments in the email.
10. Do not provide personal information or financial data.
11. Do forward the email to the HHS Computer Security Incident Response Center (CSIRC) at csirc@hhs.gov and then delete it from your Inbox.
12. Although HHS’ CSIRC undoubtedly does not want a barrage of emails from non-government entity staff reporting potential phishing attacks, a covered entity or business associate should articulate a similar process for staff to follow when a suspicious email is identified.
Be suspicious of any email that:
13. Includes multiple other recipients in the “to” or “cc” fields.
14. Displays a suspicious “from” address, such as a foreign URL for a U.S. company or a Gmail or other “disposable” address for a business sender. However, even when the sender’s address looks legitimate, it can still be “spoofed” or falsified by a malicious sender.
Following the above mentioned tips will increase cyber security of a healthcare network, and not only, from a ransomware attack performed via phishing emails that are increasing with high tempo every month.

Tags: , , , , , ,

phishing-attack

Phishing Attacks Soar in Record-Making Surge

May 26, 2016

The Anti-Phishing Working Group (APWG) observed more phishing attacks in the first quarter of 2016 than at any other time in history. According to the APWG’s new Phishing Activity Trends Report, the total number of unique phishing websites observed in Q1 2016 was a record 289,371, with 123,555 of those phishing sites detected in March 2016.
Those quarterly and monthly totals are the highest the APWG has seen since it began tracking and reporting on phishing in 2004.
There was a 250 percent increase in phishing sites between October 2015 and March 2016. “We always see a surge in phishing during the holiday season, but the number of phishing sites kept going up from December into the spring of 2016,” said Greg Aaron, APWG Senior Research Fellow and Vice-President of iThreat Cyber Group. “The sustained increase into 2016 shows phishers launching more sites, and is cause for concern.”
APWG Chairman Dave Jevans said, “Globally, attackers using phishing techniques have become more aggressive in 2016 with keyloggers that have sophisticated tracking components to target specific information and organizations such as retailers and financial institutions that top the list.”
On the heels of this report of record numbers of cybercrime attacks, APWG will be holding its annual general meeting and cybercrime research conference next week in Toronto. There, its global cadre of cybercrime responders, managers and university researchers will be plotting strategies to neutralize the menace of cybercrime, a sprawling threatscape growing seemingly unchecked in scope and virulence in recent years.
In the Q1 Trends Report, APWG found that the Retail / Service sector continued to be the most heavily attacked. APWG member MarkMonitor observed more attacks targeting cloud-based or SAAS companies, which drove significant increases in the Retail/Service sector. Financial and Payment targets were also heavily targeted as usual.
Ransomware continues to be another increasing threat, with APWG members Forcepoint and PandaLabs seeing increasing numbers of ransomware infections in early 2016. According to Carl Leonard, Principal Security Analyst at Forcepoint: “The onslaught of ransomware has not abated in 2016. Ransomware authors exhibited a willingness to adjust their scare tactics and software in Q1 2016 as they sought to scam more end-users. The takeaway is clear – ransomware authors are more determined and aggressive in 2016. End-users should be aware of the danger and take preventative measures.”
APWG co-founder and Secretary General Peter Cassidy reviewing the quarter’s disturbing numbers said, “The threat space continues to expand despite the best efforts of industry, government and law enforcement. It’s clear we have a lot to talk about in Toronto, perhaps broaching some broader resolutions to unify efforts across sectors. After all, what is civilization but the largest conspiracy?”
The full text of the report is available here:
http://docs.apwg.org/reports/apwg_trends_report_q1_2016.pdf
By APWG – Anti-Phishing Working Group
http://www.apwg.org

Tags: , , , , , ,

Protect-From-Ransomware

FBI Warns of a Rise in Ransomware Attacks

May 17, 2016

The Federal Bureau of Investigations (FBI) is warning businesses to be on the lookout for a rise in ransomware attacks.
On Friday, the FBI published a letter revealing that the threat posed by ransomware to hospitals, state and local governments, law enforcement, small businesses, and private individuals is growing.
“Ransomware has been around for a few years, but during 2015, law enforcement saw an increase in these types of cyber attacks, particularly against organizations because the payoffs are higher,” the letter reads. “And if the first three months of this year are any indication, the number of ransomware incidents–and the ensuing damage they cause–will grow even more in 2016 if individuals and organizations don’t prepare for these attacks in advance.”
Along with an increase in the number of ransomware attacks, the FBI has observed a corresponding increase in the sophistication of attack campaigns. Computer criminals traditionally relied solely on spam mail to send out most forms of malware. Now they are turning to more sophisticated means, including spear-phishing (or whaling) emails and exploit kit attacks that don’t require user interaction.
The FBI has said in the past that paying the ransom fee is sometimes the only way for victims to recover their encrypted data. But in its letter, the FBI is careful to point out it does not support that course of action given certain negative consequences.
“Paying a ransom doesn’t guarantee an organization that it will get its data back–we’ve seen cases where organizations never got a decryption key after having paid the ransom,” explains FBI Cyber Division Assistant Director James Trainor. “Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”
Acknowledging those repercussions, the FBI urges organizations to develop a business continuity plan they can implement in the event of an attack and to invest in ransomware prevention.
By David Bisson
www.tripwire.com

Tags: , , , ,

proxyl

The Percentage Of Health Care Data Breaches Due To Criminal Acts Has Risen From 20 to 50 Percent Since 2010

May 16, 2016

The percentage of health care data breaches due to criminals has risen from 20 to 50 percent since 2010, but health care organizations are failing on defense, according to a new study.
On average, the percentage of health care organizations hit by a data breach has stayed steady, in the high 80s and low 90s, according to Larry Ponemon, chairman and founder at Ponemon Institute, which conducted the study, but the number of breaches due to accidentally lost devices has dropped.
Most recently, ransomware and denial-of-service attacks have become top security concerns. These kinds of attacks have the potential to shut down the operations of a health care organization, putting lives at risk.
Ransomware typically encrypts all data, making patient records inaccessible to doctors and nurses.
Denial-of-service attacks shut down the tools and systems used to access those records.
“A lot of these tools now are Internet-facing or are actually in the cloud,” Ponemon explained.
“I think we’re actually in a situation where the bad guys are winning at this point,” said Rick Kam, president and co-founder at ID Experts, which sponsored the report.
One reason is finger pointing, he said. Health care providers point to third-party business associates, such as drug companies and claims processors, while the business associates point the finger back at the health care providers.
“Neither the business associates nor the health care entities are doing their job,” he said. “There’s a small increase in security budgets, but that incremental spending is not keeping up with the threat.”
Another contributing factor, he added, is that the majority of the health care organizations are regional and local hospitals, which are not flush with cash.
Health care organizations understand that they are targets.
More than two-thirds, or 69 percent, said that they are at greater risk than other industries for a data breach.
And there has been some improvements.
Sixty-three percent of respondents said they have policies and procedures that are in place to effectively prevent or quickly detect unauthorized patient data access, up from 58 percent in 2015.
And 57 percent said they have the expert personnel to be able to identify and resolve data breaches, up from 53 percent in 2015.
In addition, 71 percent have an incident response plan process in place, with involvement from information technology, information security and compliance, a slight increase from 69 percent in last year’s study.
However, slightly more than half of health care organizations, 52 percent, said that security budgets have stayed the same since last year, and 10 percent said their budgets decreased.

By Maria Korolov

www.csoonline.com

Tags: , , , , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
main-snowden
Edward Snowden’s Autobiography Makes a Plea for the Fourth Amendment, the Right to Privacy, and Encryption
September 24, 2019

America's most famous whistleblower calls for restricting the power of government. Article by SCO...

Read more
ph
Chinese deepfake app Zao sparks privacy row after going viral
September 3, 2019

Critics say face-swap app could spread misinformation on a massive scale A Chinese app that lets ...

Read more
1463600977631262
Google tightens grip on some Android data over privacy fears, report says
August 19, 2019

The search giant ends a program that provided network coverage data to wireless carriers. BY CARR...

Read more
4000
Wikipedia co-founder slams Mark Zuckerberg, Twitter and the ‘appalling’ internet
July 8, 2019

Elizabeth Schulze Wikpedia Co-Founder Larry Sanger said in an interview social media companies ...

Read more
venmo_pub_priv
Why America Needs a Thoughtful Federal Privacy Law
June 26, 2019

More than a dozen privacy bills have been introduced in this Congress. Here’s what it needs to do....

Read more