NOWCAST WDSU News at 10pm
Watch on Demand
Advertisement

Next steps in the fight against ransomware attacks

The ransomware attack that forced the largest pipeline on the East Coast to shut down for several days was just the latest in a string of vicious ransomware attacks.
Mark Albert
Next steps in the fight against ransomware attacks

The ransomware attack that forced the largest pipeline on the East Coast to shut down for several days was just the latest in a string of vicious ransomware attacks.

gas lines and empty tanks hit some americans hard this month, victims of a ransomware attack on a key fuel pipeline and it's likely to happen again. Are you tracking other groups right now that are offering ransomware for future attacks? Yes, absolutely. Lior divas boston based companies, cyber reason warned last month about the exact group dark side who made and sold the ransomware hackers used to take down the colonial pipeline. Cyber reason says dark side posted sales pitches like this one hackers then by that ransomware and use it to hold infrastructure businesses and consumers hostage. Now, cyber reason sees another ruse posing as a company's help desk in a fake work email and virtually no company deve says is immune any company. We don't believe that they are just focusing on a single specific company. This is not just a normal cyber security threat, it's a plague. It's a key topic at this week's R. S. A. Conference, one of the largest annual cyber gatherings in the world. From, you know, economic nuisance Eight years ago to national security and public health and safety threat. Today, the conference revealed hackers getting greedier. In just one year, ransomware demands doubled from $15 million 30 million. An actual ransom payments nearly tripled. From an average $115,000 to 312,000. Government leaders see the threat growing. We have to collaborate, we have to work better together. Ransomware is lucrative, right? But we keep paying so they keep attacking and that attack we've learned relies on a key weakness. What is the number one risk to companies right now? The human element Masha Sudova, co founder of Elevate Security, a cyber consulting firm contributed to a study released this month that found 85 of all cyber breaches are due to employee errors. The solution Sudova says, work with the riskiest employees who click on suspicious links or are sloppy with passwords and urge them to fess up quickly if they make a mistake. It is embarrassing to say that you might have clicked a link. It is more embarrassing to be the reason that your company ends up on the front page of a newspaper. The human element has been proven to be truly the weakest link. In a joint release about the pipeline ransomware attack. The chairs of two key House committees said quote this attack not only highlights glaring vulnerabilities in our critical infrastructure, it also exposes a marketplace in which it may be easier for a company to pay off a criminal that put resources towards preventing and defending against attacks. In Washington, I'm Chief National Investigative correspondent Mark Albert.
Advertisement
Next steps in the fight against ransomware attacks

The ransomware attack that forced the largest pipeline on the East Coast to shut down for several days was just the latest in a string of vicious ransomware attacks.
Mark Albert
The ransomware attack that forced the largest pipeline on the East Coast to shut down for several days was just the latest in a string of vicious ransomware attacks.Our national investigative unit has a look at the next cyber attack already underway — and who's the biggest risk.Lior Div's Boston-based company, Cybereason, warned last month about Darkside, the group who made and sold the ransomware hackers used to take down the Colonial Pipeline.Now, Cybereason sees another ruse: posing as a company's help desk in a fake work email — and virtually no company, Div says, is immune."We don't believe that they are just focusing on a single specific company," Div said."It's gone from a nuisance to a public safety threat today," said Michael Daniel, CEO of Cyber Threat Alliance.It's a key topic at this week's RSA Conference, one of the largest annual cyber gatherings in the world. The conference revealed hackers getting greedier.In just one year, ransomware demands doubled — from $15 million dollars on average to $30 million, analytics firm Unit 42 found. Actual ransom payments nearly tripled — from an average $115,000 to $312,000.Government leaders see the threat growing."We have to collaborate," Alaina Clark, with the Cybersecurity and Infrastructure Security Agency, said at the conference. "We have to work better together." "Ransomware is lucrative, right? But we keep paying, so they keep attacking," explained New York Cyber Command’s Quiessence Phillips.And that attack, we've learned, relies on a key weakness. Masha Sedova, co-founder of Elevate Security, a cyber consulting firm, contributed to a study released this month that found 85% of all cyber breaches are due to employee errors.The solution? Sedova says companies should work with the riskiest employees who click on suspicious links or are sloppy with passwords — and urge them to fess up quickly if they make a mistake."It is embarrassing to say that you might have clicked a link," Sedova said. "It is more embarrassing to be the reason that your company ends up on the front page of a newspaper. The human element has been proven to be truly the weakest link."In a joint release about the pipeline ransomware attack, the chairs of two key House committees said: "This attack not only highlights glaring vulnerabilities in our critical infrastructure, it also exposes a marketplace in which it may be easier for a company to pay off a criminal than put resources towards preventing and defending against attacks."Our ransomware reporting doesn't end here. Click here to watch our 2019 report "Cyber Watch."

The ransomware attack that forced the largest pipeline on the East Coast to shut down for several days was just the latest in a string of vicious ransomware attacks.

Our national investigative unit has a look at the next cyber attack already underway — and who's the biggest risk.

Advertisement

Lior Div's Boston-based company, Cybereason, warned last month about Darkside, the group who made and sold the ransomware hackers used to take down the Colonial Pipeline.

Now, Cybereason sees another ruse: posing as a company's help desk in a fake work email — and virtually no company, Div says, is immune.

"We don't believe that they are just focusing on a single specific company," Div said.

"It's gone from a nuisance to a public safety threat today," said Michael Daniel, CEO of Cyber Threat Alliance.

It's a key topic at this week's RSA Conference, one of the largest annual cyber gatherings in the world. The conference revealed hackers getting greedier.

In just one year, ransomware demands doubled — from $15 million dollars on average to $30 million, analytics firm Unit 42 found. Actual ransom payments nearly tripled — from an average $115,000 to $312,000.

Government leaders see the threat growing.

"We have to collaborate," Alaina Clark, with the Cybersecurity and Infrastructure Security Agency, said at the conference. "We have to work better together."

"Ransomware is lucrative, right? But we keep paying, so they keep attacking," explained New York Cyber Command’s Quiessence Phillips.

And that attack, we've learned, relies on a key weakness. Masha Sedova, co-founder of Elevate Security, a cyber consulting firm, contributed to a study released this month that found 85% of all cyber breaches are due to employee errors.

The solution? Sedova says companies should work with the riskiest employees who click on suspicious links or are sloppy with passwords — and urge them to fess up quickly if they make a mistake.

"It is embarrassing to say that you might have clicked a link," Sedova said. "It is more embarrassing to be the reason that your company ends up on the front page of a newspaper. The human element has been proven to be truly the weakest link."

In a joint release about the pipeline ransomware attack, the chairs of two key House committees said: "This attack not only highlights glaring vulnerabilities in our critical infrastructure, it also exposes a marketplace in which it may be easier for a company to pay off a criminal than put resources towards preventing and defending against attacks."

Our ransomware reporting doesn't end here. Click here to watch our 2019 report "Cyber Watch."

Top Picks

Rare find: Father-son lobstermen pull calico lobster from Maine waters
What is the 'American Community Survey' and is it legit?
Clint Eastwood's former California home on sale for $21 million
Meet the Navy veteran skydiving for his 91st birthday