BTS HelpDesk: 503-823-5199
1120 SW 5th Avenue, Suite 1111, Portland, OR 97204
Welcome to our blog. Here we will let you know the latest happenings in the information security world.
Lake City, FL pays ransomware to recover their City services
This is the 2nd Florida City in 2 weeks to pay out large sums to ransomware attackers.
ars technica - A tale of two cities: Why ransomware will just get worse
A thought provoking article:
- What is the value of a City's disaster recovery, backup, and incident response plans? Baltimore, MD and Riviera Beach, FL are discovering how much.
Riviera Beach, FL paid a $600k ransom to unencrypt and restore their data
The City of Portland has not had to pay and we have built controls to protect the City network. However, this is still a possibility and a reason to stay vigilant when interacting with email or phone calls.
Paying the criminals incentivizes others to continue to phish users and ransom data. Baltimore did not pay in early-May and they have been down for more than a month. Riviera paid, now we will see how easily they recover. Both Baltimore and Riviera have a long process of cleaning up the infection and understanding all parts of their networks that are infected. Baltimore's ransomware has cost more than $25M. Riviera is not done with costs. They are likely to pay a proportional amount to Baltimore after cleanup.
Social Engineering (email phishing) attacks hijack payments intended for City contractors
Another Business Email Compromise (BEC) attack.
Today it's the City of Burlington, ON, for $503,000.
City of Portland payment processes include multiple account change validations that prevent this type of compromise.
Thanks for staying vigilant.
NBC Nightly News (video segment) 2019-06-11. Social engineering attacks focused on a popular banking app.
Zelle user bank accounts compromised through social engineering:
-- Many banks partner with Zelle to provide mobile banking services. This NBC News video segment may be of interest.
Further Details on how scammers are creating unauthorized Zelle accounts through social engineering:
1) Activate Multi-Factor Authentication (MFA) for access to your bank account, regardless of device or location.
2) Activate bank transaction 'alerts', which means your bank will send you a text message when a transaction occurs.
A number of banks will also let you decide minimum thresholds for notification, such as $100.00 or above.
3) Check your bank account regularly to look for any unauthorized or unanticipated charges or transactions.
4) Never respond to text prompts or calls that request passwords, passcodes, PINs, or account information. Only provide your bank or card service provider with information when you have contacted them through a secure login website or when you have called them through a published contact phone number.
Be safe out there!