Did You Hear?
Maybe you haven’t read it, but on Monday, Krebs on Security reported that ransomware victims are receiving emails from the hackers. Let’s make sure we define “victims” in this sense. The people receiving the emails aren’t the companies that have been breached. Instead, the hackers are reaching out to the individuals whose data was stolen from those companies. But what does this actually achieve?
Other than creating anxiety and anger, the point is to create further leverage for greater ransom demands on the company that’s been hacked. Paying a ransom is dicey. You may get your information, or you may not. And even if you do get the decryption keys, there’s a chance the hackers will publish the data anyway. These are all things a large company has to weigh when deciding whether to pay.
So how can we spin this anxiety-inducing action into something positive? Well, for one, there’s increased transparency. An organization can’t hide a hack, or who the hackers are, when these emails go out. Plus, the hackers are increasing their reach, which opens up more avenues to monitor and perhaps catch them.
With this year’s Emotet botnet takedown, there finally seems to be a break in the hold ransomware gangs have over us. Perhaps this new method of intimidation will lead to further advancements by law enforcement. Whatever happens, we’ll have to see.
What To Do
In the meantime, keep calm. If you ever are on the receiving end of one of those emails, follow some of our suggestions below.
1. Don’t click on anything inside the email.
2. Don’t act on any demand inside the email.
3. Make sure your security software is updated.
4. Alert the authorities.
5. Put alerts and monitoring on your credit.
Finally, advocate for preventative cybersecurity. Detection and response aren’t going to stop the hackers once they’re already inside. The only chance of keeping data private is prevention. Stay safe out there.