There’s no single solution to avoid ransomware, but there are some steps companies can take to ensure they’re not carelessly inviting it into their computer network.
That’s according to John Mark Casey, an account executive with BCI, a Ridgeland-based IT firm whose clients include businesses big and small, including Saks Fifth Avenue and Southwest Mississippi Regional Medical Center.
Casey spoke to the McComb Exchange Club on Thursday about what its business-minded members, whose companies may have anything from just a few computers to a few dozen machines and multiple file servers, can do to save their digital lives.
“Ransomware is something that gets introduced into your environment. It encrypts your computer or your servers to where you can’t access your data, and then some bad guy wants money for it,” he said. “Huge cities and Sony got hacked and all of this kind of stuff. I’ve seen it shut entire school districts down.”
But it’s not the big companies that have the target on their backs, he said.
“Tons and tons of small businesses get way more ransomware than bigger businesses,” Casey said.
He recalled one business, an HVAC company with offices across 13 states and a payroll of 1,000 employees, idling for three weeks because of ransomware.
“It shut the business down for three weeks and workers were not able to get paid,” he said. “They were able to get very little of their data back.”
Casey said anything that’s connected to the internet is vulnerable to attack.
“If you’re plugged into the internet, you’re plugged into the wild, wild West,” he said.
Hackers exploit weaknesses in the system and gain access to networks through various schemes.
Some steal valid log-in credentials through other means. Casey said someone can find a weak point through something that seems unrelated and innocuous, like someone logging in on their phone to pay for their gym membership. But if a hacker is able to see that password, they just might try it out on something else on their phone, like a work email that just might happen to have the same password. Once they’re in, it’s too late, Casey said.
“We had one of the companies, the HR lady, her information got stolen,” Casey said.
Hackers found a trove of employee personnel information and used it to file fraudulent tax returns.
“Phishing” emails that seem legitimate and ask users to reset a password or update some other information are akin to holding the door open for a hacker.
Browsing corrupted websites, which may look legitimate but can be knockoffs of a genuine site with a similar but different address, is another avenue for nefarious actors.
Randomly inserting USB sticks with questionable provenance is another high-risk activity, Casey said.
Once a person’s data is stolen, it’s often sold on the dark web for next to nothing compared to the financial ruin it can lead to, Casey said.
He gets a report of information that’s for sale on the dark web. One time he found a business owner he knew on it, went to him and recited his banking password.
“How do you know that?” the business owner asked him. “Well, it’s for sale on the dark web.”
As part of a service to its customers, BCI tries to infiltrate their systems.
“We do what a hacker does. We scan you from outside to see what vulnerabilities are there,” he said.
BCI uses a system known as EDR, short for endpoint detection and response, to clamp down on hackers. It’s a type of antivirus that, instead of using a catalog of known viruses, looks for odd behavior on a hard drive or across a network.
“It knows everything on your machine and anything new that gets introduced, it’s looking at what it is,” Casey said.
BCI also tests how willing the employees of its clients are to fall for a phishing email or some other type of cyberattack as part of security awareness training for employees.
“Quarterly we send out fake phishing attempts,” he said. “You get reports back and they’ll show you who failed it.”
Casey said there are some steps businesses can take to avoid becoming a victim.
Two-factor authentication for logins is one easy and effective thing to set up, he said.
And most importantly, businesses should keep their equipment up to date. Casey said he often encounters businesses that are still running outdated operating systems and old machines, with the cost of an upgrade being the most common reason given for why they’re still in use.
But he said he’s also seen plenty of businesses that were reluctant to upgrade saddled with lost productivity and revenue after a cyberattack shut them down, and the losses are almost always more than the cost of a software upgrade.
And if all else fails, Casey offered one more means of protection.
“If you don’t have cybersecurity insurance, you should go buy cybersecurity insurance,” he said.