Security : Malware : Ransomware :
New Ransomware Strain Causes Data Breaches
New Strain of Ransomware CryptoWall Leads to Data Breach for Brokerage House
The recent data breach at brokerage house Benjamin F. Edwards & Co. (BFE) was a result of a CryptoLocker copycat ransomware called CryptoWall. The brokerage house announced this week that they had suffered the data breach on May 24, 2014 when they had their computer systems compromised by an unauthorized third party. The breach was discovered three days later on May 27, 2014. A month later, on June 27, they started sending out breach notification letters to their customers, offering affected customers free identity protection, fraud protection and credit monitoring for 12 months.
This additional information was included in the New Hampshire disclosure notice. "In more detail, an employee of BFE was the victim of a CryptoWall malware infection (a variant of the more common Cryptolocker malware) that encrypted files on the employee’s computer and files on certain shared drives to which the user had access. As a result of the infection, data was transferred to a suspicious IP address. The investigation of a professional forensic expert has not, however, been able to reveal the content of the data transmitted to the IP address."
According to Stu Sjouwerman, CEO of KnowBe4, “We are seeing a new wave of ransomware created by Russian cybercriminals, and our recent survey shows that IT pros expect it to get worse the rest of the year. To add insult to injury, apart from the confidential files being encrypted and ransom extorted, the ransomware sends unidentified data out of the victim’s network. That means the malware infection needs to be treated as a data breach with accompanying very high costs. Educating users with effective security awareness training can proof companies against ransomware like CryptoLocker plus its copycats and protect against lost credibility with customers.”
Sjouwerman urges, “Don’t let this happen to you. Step your users through effective Kevin Mitnick Security Awareness Training and send them our automated simulated phishing attacks at least once a month. We feel so confident this will stop users from opening infected attachments that we will pay your crypto-ransom if you get hit.“
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.
About Kevin Mitnick
Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.
Advertise your product/service here!