The House of Representatives has reported a sharp increase in ransomware attacks and is blaming staff's use of YahooMail. The House Information Security Office took immediate action with an organization-wide memo banning all staffers from any use of Yahoo's "free" email service. Gmail is noted as a probable culprit as well. In today's report, we look at what this means to the rest of us, and how you can protect yourself from the super-cycle of cyber-crime that is imminently at hand. A copy of the House of Representatives email is linked below.
... the House Information Security Office has seen an increase of attacks on the House Network using mail applications such as YahooMail, Gmail, etc. The attacks are focused on putting “ransomware” on users’ computers.
From an email memorandum to all House Staff
I've been writing every day for three years on a forthcoming book, "The Cyber Security Handbook - How to Survive and Succeed in the Digital Age." Concurrently, I run a company that is precisely where the rubber hits the road on the topic; at the intersection of individuals, their personal technology, and the risks and consequences at hand.
But, I have never witnessed the level of activity and intensity of attacks as we have seen over just the past few weeks.
The issues, topics, and real-world-at-the-moment cases come faster than I can put them down. These are not incidental noises in the field; but profound experiences happening to real people, living mainstream lives, and it's a leading indicator of what's to come.
Today, just as I put some finishing touches on this piece about the U.S. Congress getting hit with ransomware (and banning YahooMail), and after having reviewed today's statement by the SEC's Mary Jo White proclaiming cyber risk as the #1 risk to the U.S. financial system, I am now listening to a Cisco IT security conference call appropriately titled "Ransom Where ... Everywhere. Breaking Down the Ransomware Attack."
Oh, and this just went by: "117 Million LinkedIn Accounts Hacked." (Note- If you have an account at LinkedIn, you will want to change your password.)
Cisco's conference call is well done, very detailed, but no less daunting. This is a huge deal, and it is getting much, much worse very fast.
The profit motive has reached mind-blowing proportions. You will see what I mean in a minute, but if you want to catch-up on a term that will be at the household level soon, see:
"Ransomware - The Evolution of Extortion" - http://www.totaldigitalsecurity.com/blog/ransomware-what-you-must-know
How to Make $34 Million a Year - No Resume Required
This is what you need to know about Cisco's call: using conservative estimates on expenses, hit-probabilities, and average ransom demands, Cisco engineers figure a typical hacker can make $34 million a year using today's ransomware software tools. Tools available to anyone. For rent. Crime-as-a-service. Now, anyone can decide to make money beyond their wildest dreams, at levels not possible in another profession; legal or not.
And, the money? It's tax-free, anonymous, liquid, and portable - with a click through a digital currency transaction (see Mary Jo White's comments again).
Cisco's observations and assumptions are consistent with the study by Trustwave that uses real-world data, and estimates ransomware hackers can easily make 1,425% on their capital by renting the hacking software, buying the "free" email address lists on the DarkNet, and launching large-scale attacks against many faceless victims at a time. You can see Trustware's math and read their report, appropriately titled: "What You Can Learn from the Ridiculous Money That Cybercriminals Make." here:
The profit motive in cyber crime, coupled with the ease of perpetration and minimal chances of getting caught, is driving what we call "The Imminent Super-Cycle of Cyber Crime."
Click here to read more.
These are high times for anyone with even the slightest bent in their moral code. No capital required, anonymous $ millions, tax-free, and in the U.S. we are entirely unprepared, completely vulnerable, and as individuals we are going to make some seedy characters very, very rich.
There is a way to opt out of this madness, gain some digital autonomy that will pay spades in the future, and sidestep the losses potentially ahead. Owning a personal email domain takes you off the grid of "free" email exchanges, and puts you back in control your personal information.
With a private email domain you reclaim your privacy, security, and personal safety and it's the most important step to a cyber-risk plan for yourself and those around you. The private domain can last a lifetime, even multiple generations if you like, and the sooner you start to reduce your digital footprint using a private email, the better it works for you over the long-run.
Consider a private email domain for your family. If you are a trusted professional advisor; Realtor®, attorney, accountant, insurance advisor, family office, anyone that depends on trust and information for their business, and you are still using Gmail or any of the others, please privatize now before it invariably happens to you.
We help customers create resilient, highly-secure, and easy to use private email domains. Email accounts sync across all of their technology, are fully compatible with Apple, Windows, and Android, and come with a personal webmail URL for access from any internet-connected computer with a browser.
The process to privatize your email with a world-class system takes just three steps:
3 Steps to a Private Email Domain
How to create a Private Email Domain in 3 easy steps.
Click here to get started on a Private Email Domain of your own. Fill out the form and receive a no-obligation, customized plan and quote.
Click for the email to all staffers in the Hosue of Representatives, here.