Meeting this week with one of our national security partners, SonicWall, we had a fantastic luncheon with some local media partners, clients and Aegis staff.
A big topic of conversation — ransomware.
A SonicWall firewall can certainly help minimize risk, but there is no 100 percent protection from the constantly changing landscape of cyber threats.
Say you are a successful lobbyist, and legislation you want to pass is passing; you keep tweets clean, your email is in a secure cloud, your hardware is under warranty, with a solid backup, password-protected wireless network, two factor authentications for financial institutions, solid anti-virus, anti-spam protection firewall, and so on.
You rock through Session, rolling in a Maserati or other fly ride, feeling confident, successful — think Vince Vaughn in Swingers — confident. Then an intern clicks a link in a bogus ransomware email they thought was from the bank.
Now the game has changed; suddenly all your files are encrypted.
You are hosed.
Making things even worse is that this particular variation of ransomware not only encrypts files, but — if you do not pay the ransom — publishes your data on the web. That could include sensitive client info, financials, browsing history, everything.
This is happening, like a Cary Pigman late-night DUI. It’s not pretty, but it is a reality.
QuickBooks files? Yup. All of it.
Over the past few years, ransomware threats (like CryptoLocker) have hauled in over $325 million, with growth that more than doubles each year. How? Why?
Side note, why was Chris Kattan on Dancing with the Stars, what a spectacle. Even worse, why am I admitting to watching? Talk about shame.
Anyway; the “why” is indeed Intriguing.
The business model of ransomware cons is awesome (the crime is not awesome, but it is a classic pyramid scheme).
Go on the dark web and buy a ransomware tool kit for next to nothing; “they” show you how to launch ransomware campaigns via the web and they want half the cut (usually of any of the profits you make).
One variation is particularly devious.
After infection, they will send you the encryption keys to your files, but only if you get two other people you know to click on the same email. They also encourage you to send it to people you don’t like.
The threats are real, so keep your Maserati clean, and keep the intern off the internet.
Blake Dowling is CEO of Aegis Business Technologies and writes for several organizations. He can be reached at firstname.lastname@example.org