Today, we sent the following email to all our clients. We wanted to share this with you at large – this matter is too important to ignore.
-cm.
———————————-
Everyone,
Cyber attacks are on the rise and projected to grow. This is a multi-million dollar “business” and you are directly a target.
Just this last quarter, three of our clients have found themselves the victims of malicious attacks, and our consultants have been deployed to mitigate harm. It is estimated that 95% of all US business have been the target of attacks. These numbers will continue to grow. It’s not an “if you get attacked.” It is a “when.”
Please be very careful.
This is what you need to know to protect your files, assets, and your identity from being compromised:
What is it?
- Continuously Evolving Threats: The new “viruses” are not viruses in the traditional sense. There is no technology that is guaranteed to “catch” them (they mutate, making “vaccines” rapidly obsolete). One of the ways that they are activated is when the user clicks a link on a seemingly innocuous email. Once active, the virus will encrypt your files, including network-stored files, and files that are on any on-line site (e.g. on-line backup). They most famous one is called “Cryptolock,” and it demands payment for a key to unlock your files.
- No (or little) Cure: Even when you pay the ransom, there is no guarantee that you will a) be able to complete the transaction, or b) get the key to unlock the files. Why? Because law enforcement is doing their job! They constantly hunt down and close the “payment” servers, thus the extortionists can’t get paid. That adds insult to injury – you are out both the money you paid and you have no files. Worse, depending on how the user activated the encryption, your backup files themselves may be corrupted.
What can you do?
- Think before you click. If you get an email from an unknown sender, delete it. If you get an email that is asking you to click a link, even if the email is from someone you know, do not click the link. Never, ever, ever click a link in an email unless you are certain that the link is safe. How do you know? You get in touch with the sender. Call them (preferably) and ask if they did indeed send the email with a link. Can’t confirm it? Delete it. Simple.
All too frequently people’s email accounts are hacked and emails are sent on their behalf to fool their contacts. It is difficult in a stress-filled day to keep thinking about this type of malice. It is short of impossible to look at every communication with suspicious eyes. But that is exactly what the perpetrators are counting on. Take a moment and think before you click. Is this email something that your contact would send? Does it make sense? Is it consistent with their style of communication? It only takes one click…
- Never respond, always initiate. If you get a call (or email) from someone claiming they are your bank, your broker, your insurance, or any other trusted institution alleging that your account has been compromised (e.g. credit card stolen, fraudulent wire transfer, etc.) hang up! Do not give any information. Instead, after you hang up, call the institution yourself and ask to speak with their fraud (or security) department. You initiate the call, never respond. Control the communication.
- Password control. Make sure that your passwords are changed frequently and are of substantial complexity. Never, ever, ever, give your password out to anyone. Not even to the most trusted relative or co-worker. Through no fault of their own, their systems may be compromised and then it is your password that has been exposed. Use a password utility like LastPass and/or services like LifeLock to keep track of your electronic footprints.
Questions?
Call us or email us. We are happy to discuss this at length. But please: Do not ignore this. There is too much at stake.
Thank you,