The Week That Was – Scams of the Week 29

This is not a good time to be a city in Florida if you’re looking to avoid a ransomware attack. First it was Riviera Beach on June 5. Then it was Lake City on June 10. Now it’s Key Biscayne. According to the Miami Herald, “The village of Key Biscayne confirmed Thursday it had been hit by a cyberattack — the third Florida city this month to fall victim to outside hackers.”

Actually the Florida cities are just a symptom of a broader epidemic of ransomware hitting cities and municipalities. The article went on to say “Cities and small businesses are becoming more popular targets for hackers, who recognize frequently unsophisticated systems.”

In keeping with a theme, LaPorte County, Indiana coughed up $130,000 in response to a ransomware attack. According to Security Week, “Local CBS and NBC affiliates reported that officials decided to pay the 10.5 bitcoin ransom after the FBI failed to recover the data encrypted by the ransomware. LaPorte county’s insurance will reportedly cover $100,000 of the $130,000.”

“The ransomware involved in the attack is said to be Ryuk, which, according to some reports, was also involved in the recent attack on Jackson County in Georgia. Jackson paid cybercriminals $400,000 after its systems became infected with file-encrypting malware.” What’s the moral of the story? If you’re going to get hit by ransomware, it’s better to live in Indiana than Georgia.

Phishing Frontier

When it comes to ransomware, mayors in the United States are mad as hell and aren’t going to take it anymore, apparently. At this year’s Conference of Mayors, which represents the 1,400 mayors of cities with a population greater than 30,000, the mayors adopted a resolution not to pay any more ransomware to hackers.

According to an article on the Security Week website, “The Conference of Mayors has admitted that ransomware attacks can result in the loss of millions of dollars and months of work to repair damage, but highlighted that paying the attackers only ‘encourages continued attacks on other government systems, as perpetrators financially benefit.’” Good for them.

What’s old is new again. Remember the FAX machine? Nobody faxes anymore. Well, actually they do. They just do it via email. And where there’s email, there’s phishing.

According to an article on Hoax-Slayer, “These services allow customers to send and receive faxes via email. So, if someone sends you fax using such a service, you will receive a notification email. The fax itself can be viewed by opening a file attached to the email or by logging in to the service’s website.” That’s a perfect setup for hackers looking to get unsuspecting users to click on a malicious link.

Email Archiving

Registered Investment Advisors are required email archive for communication with their clients. And according to the SECs’ Books and Records Rule, emails and their attachments are something RIAs must archive for a period of five years, the most recent two of which must be stored on-site or immediately accessible from the office. Cloud-based email security service systems are assumed to be on-site.

And that’s the week that was.