Skip to Main Content View Text-Only

The City of Portland, Oregon

Office of Management & Finance

Bureau of Technology Services

BTS HelpDesk: 503-823-5199

1120 SW 5th Avenue, Suite 1111, Portland, OR 97204

Welcome to our blog. Here we will let you know the latest happenings in the information security world.


$600k Ransomware paid by Florida City

By Brian Ventura

Riviera Beach, FL paid a $600k ransom to unencrypt and restore their data

Link: https://www.forbes.com/sites/kateoflahertyuk/2019/06/20/florida-city-agrees-to-astonishing-600000-ransom-payout/

The City of Portland has not had to pay and we have built controls to protect the City network. However, this is still a possibility and a reason to stay vigilant when interacting with email or phone calls.

Paying the criminals incentivizes others to continue to phish users and ransom data. Baltimore did not pay in early-May and they have been down for more than a month. Riviera paid, now we will see how easily they recover. Both Baltimore and Riviera have a long process of cleaning up the infection and understanding all parts of their networks that are infected. Baltimore's ransomware has cost more than $25M. Riviera is not done with costs. They are likely to pay a proportional amount to Baltimore after cleanup. 

Business Email Compromise (BEC) attacks continue

By Christopher Paidhrin

Social Engineering (email phishing) attacks hijack payments intended for City contractors

Another Business Email Compromise (BEC) attack.

Today it's the City of Burlington, ON, for $503,000.

https://www.cp24.com/news/city-of-burlington-falls-for-503k-phishing-scam-investigations-underway-1.4465781

City of Portland payment processes include multiple account change validations that prevent this type of compromise.

Thanks for staying vigilant. 

Zelle Vulnerability exploited (mobile banking app)

By Christopher Paidhrin 0 Comments

NBC Nightly News (video segment) 2019-06-11. Social engineering attacks focused on a popular banking app.

Zelle user bank accounts compromised through social engineering:

-- Many banks partner with Zelle to provide mobile banking services. This NBC News video segment may be of interest.

https://www.nbcnews.com/nightly-news/video/how-scammers-are-using-this-popular-banking-service-to-drain-your-bank-account-61726789788

Further Details on how scammers are creating unauthorized Zelle accounts through social engineering:

https://www.nbcnews.com/business/consumer/instant-fraud-consumers-see-funds-disappear-zelle-account-scam-n1015736

Recommendations:

1) Activate Multi-Factor Authentication (MFA) for access to your bank account, regardless of device or location.

2) Activate bank transaction 'alerts', which means your bank will send you a text message when a transaction occurs.

     A number of banks will also let you decide minimum thresholds for notification, such as $100.00 or above.

3) Check your bank account regularly to look for any unauthorized or unanticipated charges or transactions.

4) Never respond to text prompts or calls that request passwords, passcodes, PINs, or account information. Only provide your bank or card service provider with information when you have contacted them through a secure login website or when you have called them through a published contact phone number.

Be safe out there!