Imagine you’re Joe-Bob-Sally Democrat politician; you are ready to surf the “blue wave” (and avoid the red tide) that may (or may not) be on its way and … Oops.
Your entire campaign just got rocked by an IT disaster.
It wasn’t Russian’s hacking or faulty hardware. It was another example of ransomware wreaking havoc in the process.
In this case, cybercriminals brought a big box of digital chaos to the state of the Pennsylvania Democratic Party.
So far, it’s unclear if this attack came from weak infrastructure (air conditioning with a mobile app control but without a password is just one example) or through a socially engineered email campaign.
Nevertheless, the attack came through, locking up every file in the system, along with a request for 28 bitcoins (about $30K) for the encryption key to get the files back.
They said “no, thank you” to being held hostage and built everything back from scratch.
And for their effort? A whopping $700,000 bill from Microsoft.
Just a helpful tip, if you want to pay the most money for a job, hire Microsoft. Who does that? The government, I guess.
Most people would simply hire a regional/local technology company that specializes in this type of engagement. Just a thought. Would you hire Mercedes-Benz to get a nail out of your tire?
While our elected officials are pushing legislation to help stop these threats, it’s really easy to get in this business. And tracking down the perps? Not so easy.
In Michigan Public Act 95 of 2018, it’s a crime to possess such software. So how does find this type of tool? Go on the dark web, buy a tool like AKBuilder and soon you ready to begin sending out emails embedded with nastiness.
You have now become a criminal.
Once someone clicks on one of your emails and pays the ransom (which you split with the software creator), that’s how it works.
In the Sunshine State, we are not immune to this type of threat. I recently took a call from an attorney who was getting a weird email from the Florida Bar, asking if I could look.
I found it was completely bogus, but it also contained malicious content. There was a whirlwind of calls and scrambling as the attack was smart.
All the email said was your membership is past due, and it was made to look as if it was from the Florida Bar — just click here to make a payment.
Some clicked. Many did not.
When anyone asks for personal info, money, birthday, etc. the first thought should be DO NOT CLICK!
Always have someone call and verify. Banks, Microsoft, and the like never ask for personal info via email.
This concludes today’s cybersecurity lesson.
As the Facebook sage continues, there is going to be a lot of focus on the upcoming elections and worrying, all of which are valid.
In fact, there was more drama in the Facebook camp this as the Instagram founders quit on the job, as well as hundreds of additional sites removed that had ties to nation-states that do not play nice with others. But Facebook insists that they have everything under control.
We shall see.
Perhaps, we have better security protocols in our great state, or maybe we are just lucky since whenever I look for instances of cyber-mischief in Florida, most searches spit out something I wrote previously.
If you have read this far, contact your security expert ASAP to make sure you have your security protocols locked down. And change your password every month to something like “Fl@ridaP@litcsRoolz!”
A strong password is your front line of defense.
Thanks for reading, enjoy the Fall and be safe out there.
___
Blake Dowling is CEO of Aegis Business Technologies. He can be reached at [email protected].