Businesses Have Lost Thousands Of Dollars To Cyber Crime, Here’s How To Prevent It
3 Local Cybersecurity Horror Stories I’ve Seen Firsthand
This year alone I’ve seen businesses lose over $480,000 in cash and assets to cybercrime. The worst part is that it was all preventable.
I wanted to share three true stories about organizations that suffered cybersecurity breaches. Hopefully, these stories can serve as a warning and a call to action. Cybersecurity is something that most business owners don’t think about regularly. It’s definitely not a glamorous subject. But these real-life examples can put the risks in perspective.
For obvious reasons, I’ve kept the names of the individuals and organizations involved anonymous.
Idaho Municipality Is Hit With Ransomware
Earlier this year, we received a call from a small town in Idaho that was in serious trouble. We hadn’t done any work for them in the past, so we were going in blind.
The city’s network had been hit with ransomware and all of their data was encrypted. The hackers were demanding $3,000 in Bitcoin ransom. We advised that they immediately turn off all servers and that we would dispatch someone to assess the situation further.
The city asked that we wait to dispatch until the following day. In the meantime, they tried to get some help from a local IT specialist.
Did I mention that the city did not have any backups in place? They didn’t. There are ways to protect against ransomware but in general, you’re better off preparing for the worst. Our number one rule at Executech for ALL of our clients is Backups.
The well-meaning IT specialist tried to repair the ransomware like a virus. This caused the encryption to break. Neither the IT specialist nor the city was aware that this had happened.
Without any luck at decrypting the data, the city decided to pay the $3,000 in ransom to get the encryption key.
Our team arrived the next day after they called saying the key did not work. After researching what happened, we knew that the key would not work. The encryption itself had been broken and modified in an attempt to remove it and no key would ever work. Their data was permanently encrypted and lost.
Years of utility water and power bills, space reservations, building permits and even cemetery plot assignments were all gone. There is no final price on the data lost.
The Moral:
The importance of good backups can’t be overstated. Make sure your business, your family and your friends all have backup technology in place.
Moral 2.0:
Hire an experienced professional. Too often we’ve seen businesses try and make do with a friend or cousin that “knows computers”. Non-professional and untrained IT people will often make costly mistakes. It pays to hire the best and brightest when it comes to your business technology.
Financial Industry Firm Is Victim of a Phishing Scam
As IT experts we try and build systems to protect against every kind of contingency. Unfortunately, no matter how thorough, robust or fancy your technology is, it can still fall victim to human error.
Several months back, an employee at a financial services firm received an email from someone within the company. Nothing unusual about that. Except the email’s address wasn’t quite right. You’ve probably seen the brainteasers that scramble the middle letters in a paragraph, but the phrase is still readable.
This is what clever hackers had done to the company’s email address. One letter was out of place in the company name, making it seem like a legitimate email. The email requested for a seemingly routine wire transfer of funds for a client. The employee jumped on the task and $480,000 dollars was quickly sent out.
That money was jumped through at least three bank accounts before landing in an account in Africa in under an hour. The money was in criminal hands now.
Since the FBI only opens investigations of theft of $500,000 or more, the company was left without any way to get their money back or find justice.
The Moral:
Antivirus protection, software and backups are all essential to good cybersecurity, but company-wide training is also important. You should regularly run a Social Engineering Training Program administered by your IT expert. These programs test employee susceptibility to various phishing scams. Make sure your employees can recognize potential threats and tactics from cybercriminals.
Local Photographer Is Attacked With Ransomware
My last story is about a local, full-time photographer. It’s important to note that while they had a successful business, it was small, local and didn’t seem to have a lot of value in terms of data. They also had a backup system running.
The photographer was hit with ransomware. As we mentioned, there are ways to prevent ransomware, but it’s best to have backups in place as your main cyber strategy. The hackers were demanding $2,400 in Bitcoin.
The photographer thought everything was going to be fine since they had backups running. They waited a day to call us.
Unfortunately, they were using a backup that would overwrite itself each night. That night, the backup data was overwritten with the data that was encrypted. All of their files were locked. The only option was to pay the criminals.
I would also add that it’s not easy to buy Bitcoin. There are only a few ATMs in the state of Utah that will change cash into Bitcoin. You also don’t know who will end up with the money and it turns out that the FBI has become the largest holder of Bitcoin in the world from seized criminal assets.
The Moral:
Get backups with revision history. Your backup files should be viewable with versions up to at least 30 days back. If you need to revert your data files, you should be able to pick the date and avoid any encrypted or infected files.
Cybersecurity Is No Joke
October is National Cybersecurity month and we’ve been making it a priority to get the word out. Businesses need to take digital threats seriously and step up their IT game. These stories are only the tip of the iceberg of cybersecurity horror stories. Don’t let your business become the next victim or your organization may end up a ghost of the digital world.
