https://www.zdnet.com/article/this-botnet-has-surged-back-into-action-spreading-a-new-ransomware-campaign-via-phishing-emails/

The content below is directed at state agencies, however is relevant to City of Portland employees. Some of our co-workers, friends and colleagues are on unemployment. Some of our co-workers, friends and colleagues are in Washington State and may be affected.

Also, this is an example of how fraudsters will find ways to exploit any process where they can steal money or information. Are there City of Portland processes that could be similarly attacked? If you have a concern, please contact BTS Information Security so we can provide security expertise and tools.

Massive Fraud Against State Unemployment Insurance Programs

The United States Secret Service has received reporting of a well-organized Nigerian fraud ring exploiting the COVID-19 crisis to commit large-scale fraud against state unemployment insurance programs. The primary state targeted so far is Washington, while there is also evidence of attacks in North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming and Florida. It is extremely likely every state is vulnerable to this scheme and will be targeted if they have not been already.

In the state of Washington, individuals residing out-of-state are receiving multiple ACH deposits from the State of Washington Unemployment Benefit Program, all in different individuals’ names with no connection to the account holder. A substantial amount of the fraudulent benefits submitted have used PII from first responders, government personnel and school employees. It is assumed the fraud ring behind this possess a substantial PII database to submit the volume of applications observed thus far.

This fraud network is believed to consist of hundreds, if not thousands, of mules with potential losses in the hundreds of millions of dollars. The banks targeted have been at all levels including local banks, credit unions, and large national banks.

City of Portland Cybersecurity highlights:

• The City continues to protect and manage City technology networks, servers and computers with robust security capabilities. The City is able to protect laptops even when they are 'off' the City network.
• Please remember that on Wednesdays to leave your laptops powered on so that they can collect the patches and updates they need.
• In addition, BTS teams are deploying expanded secure remote access services (VPN) and encouraging all City employees to use Office-365 access whenever possible.

COVID-19 Websites Cyber threats

Not all COVID-19 websites are safe. 48,000 COVID-19 related web domains have been registered this year.

Scammers are eager to cash in on the pandemic.

If you'd like the scary details, Sophos has an article for you: https://news.sophos.com/en-us/2020/03/24/covidmalware/

• For all Oregon Health related COVID-19 resources please check the City of Portland's main page for COVID-19 links. https://www.portlandoregon.gov/

FBI resource:   https://www.fbi.gov/coronavirus

COVID-19 Malware and Ransomware threats

Not only are there misleading websites there are a myriad of malware and ransomware threats. Several links are included, below, to narrow your research.

Quick To Do List:

• Don't Click on unfamiliar hyperlinks
• Don't download unsolicited attachments
• Don't provide confidential information without verifying the request
• Remember that BTS HelpDesk will never ask for your password
• Remember that no one should ever ask for your username and password, or ask to use them. Ever.
• Contact the HelpDesk immediately if you think you may have been phished. 503.823.5199

COVID-19 malware and ransomware resources:

https://www.bleepingcomputer.com/news/security/new-coronavirus-themed-malware-locks-you-out-of-windows/

https://www.bleepingcomputer.com/news/security/new-coronavirus-ransomware-acts-as-cover-for-kpot-infostealer/

https://www.itproportal.com/news/new-coronavirus-malware-trashes-windows-pcs/

https://blog.checkpoint.com/2020/04/02/coronavirus-update-in-the-cyber-world-the-graph-has-yet-to-flatten/

Be safe when you go outside, and when you go online.

+++

https://www.bleepingcomputer.com/news/security/coordinated-ransomware-attack-in-texas-hits-23-local-governments/

La Porte County in Indiana is the latest victim of the Ryuk ransomware.

https://www.bleepingcomputer.com/news/security/la-porte-county-pays-130-000-ransom-to-ryuk-ransomware/