FBI gives stupid advice to men, who are stupider than women

Stu Sjouwerman, KnowBe4

5-November-2015 Men tend to click faster than women on phishing emails, and the FBI says it’s best to pay the ransom.

Of 201,755 simulated phishing emails sent over a 30-day period, men were more prone to clicking on a phishing email than women.

Over a 120-day period with simulated phishing emails that led to a data-entry landing page and asked for credential input, men provided data and gave up their credentials more than twice as often as women.

“In most companies the number of phishing-prone staff tends to hover around 16%,” said KnowBe4 CEO Stu Sjouwerman. “After interactive training and simulated phishing attacks the likelihood of employees being fooled drops considerably, typically down to 1 or 2%.”

Most ransomware infections are from people clicking on stupid stuff, like, “Hey here’s the voice mail you missed.”

Sjouwerman suggests recipients of these emails, “Nuke from orbit”, which is a line from the movie Aliens.

“It’s almost a meme on the web – we often get called from prospects, who claim their businesses are going down if they don’t pay… asking what a bitcoin is and how they get it?”

While it’s no fun for them, it’s an object lesson in how to keep a network safe, and in the process victims often become KnowBe4 customers.

In a current controversy Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in the Boston office told attendees of a presentation, “To be honest, we often advise people just to pay the ransom.”

“If you have to choose between tens of thousands of dollars in lost employee time or five hundred bucks ransom for the decryption key, I say this is a very cheap security audit and use it as a shot across the bow to get your defense in depth in shape,” said Sjouwerman.

In the Spiceworks community there’s furious discussion about the pros and cons of the FBI stance.

As prevention, make sure you have real time backups. More important – make sure you can restore from your backups. You’ll want to learn what MTBF is, and what to do when hard disks fail.
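The advice above is only as good as the last restore you actually tried. The following is an added example, not code from the article or from KnowBe4, of the check a practitioner would script: back up a tree, record a manifest of file digests at backup time, restore the archive into a scratch directory and confirm every file comes back byte-for-byte. The sample files are constructed for the example, and the "damaged archive" run truncates the archive to show what a failed restore test looks like.

```python
import hashlib
import tarfile
import tempfile
import zlib
from pathlib import Path

# Constructed sample files standing in for the data a backup is meant to protect.
SAMPLE_FILES = {
    "docs/invoice.txt": b"Invoice 1001: 250.00 USD\n",
    "docs/notes/meeting.txt": b"Agenda: run a restore test every week\n",
    "db/records.csv": b"id,name\n1,alice\n2,bob\n",
}


def write_sample_tree(root: Path) -> None:
    for rel, data in SAMPLE_FILES.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)


def fingerprint_tree(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def create_backup(source: Path, archive: Path) -> dict:
    """Archive the tree and return the manifest (digests) recorded at backup time."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return fingerprint_tree(source)


def restore_backup(archive: Path, target: Path) -> None:
    with tarfile.open(archive, "r:gz") as tar:
        if hasattr(tarfile, "data_filter"):
            # Newer Pythons: refuse members that would escape the target directory.
            tar.extractall(target, filter="data")
        else:
            tar.extractall(target)


def verify_restore(archive: Path, manifest: dict) -> tuple:
    """Restore into a scratch directory and check every manifest entry.

    Returns (ok, problems): problems lists files that are missing or altered
    after the restore, or a single entry saying why the archive could not be
    read at all.
    """
    with tempfile.TemporaryDirectory() as scratch:
        try:
            restore_backup(archive, Path(scratch))
        except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
            return False, [f"archive unreadable: {exc.__class__.__name__}: {exc}"]
        restored = fingerprint_tree(Path(scratch))
    problems = sorted(p for p, digest in manifest.items() if restored.get(p) != digest)
    return (not problems, problems)


def run_demo(damage_archive: bool = False) -> tuple:
    """Back up the sample tree, optionally damage the archive, then verify it."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        source = work / "live"
        write_sample_tree(source)
        archive = work / "backup.tar.gz"
        manifest = create_backup(source, archive)
        if damage_archive:
            # Simulate a truncated or corrupt backup: keep only the first 64 bytes.
            archive.write_bytes(archive.read_bytes()[:64])
        return verify_restore(archive, manifest)


if __name__ == "__main__":
    print("intact archive:", run_demo())
    print("damaged archive:", run_demo(damage_archive=True))
```

The manifest is taken at backup time rather than from the live tree at verification time on purpose: if ransomware has since encrypted the live files, the live tree is no longer the reference, the manifest is. Scheduling this against a real archive on a spare machine is the "make sure you can restore" step the article asks for.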

Why the rush of criminals to ransomware?
Eastern European cybercriminals used to do pharma crimes. When that was shut down they needed something else.

“Bogachev is allegedly the creator of Cryptolocker. Law enforcement cannot reach him,” Sjouwerman said. “He made $27 million in four months. Other cyber mafias got into the game and furious innovation ensued, to where the code is bulletproof and those files cannot be decrypted without the key.”

The Cryptowall operators focus on customer service and their criminal reputation: support is available 24 hours a day and responds within 24 hours.

So what’s to prevent a cybercriminal from keeping the ransom AND the data?

“We’ve had zero instances of files not being recovered, and we do this regularly,” said Sjouwerman. “Their whole business model goes down the tubes if word gets out, so they have American-speaking tech support who help victims get their files back. They’re American nationals being paid by the criminals. We’re not sure where they’re located.”

A variation is the CEO money transfer fraud. Lots of people have been spoofed by emails supposedly from their CEO saying “I’m abroad, please transfer this amount to XXXXXX account.”

“We’ve been getting lots of calls about that one,” said Sjouwerman. “If you can figure out you've been scammed within 24 hours you have a slight chance of clawing your money back. It gets drawn out immediately, and transferred to four or five banks, until they can withdraw the cash. Your cyber insurance doesn’t cover this type of scam. You have to train your employees.”
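Training is the control the article names, but the same "CEO abroad, please transfer" pattern can also be flagged before it reaches the accounts team. The following is an added example, not code from the article or from KnowBe4, of the indicators a mail-gateway rule would look at: an executive's display name arriving from an address other than the one on file, a Reply-To pointing at a different domain, failed sender authentication, and payment-request language. The executive directory, internal domain, phrase list and both sample messages are constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed directory: executive display names and the only address each really sends from.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
INTERNAL_DOMAINS = {"example.com"}
# Phrases typical of a payment request; an organisation would tune this list.
PAYMENT_PHRASES = ("wire", "transfer", "bank account", "urgent", "abroad", "out of office")


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


def assess(raw_message: str) -> dict:
    """Return the impersonation indicators found in one RFC 822 message."""
    msg = message_from_string(raw_message)
    display, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    reasons = []

    # 1. Display name borrowed from an executive, but not their address.
    known = EXECUTIVES.get(display.strip().lower())
    if known and sender.lower() != known:
        reasons.append(f"executive name '{display}' used from unexpected address {sender}")

    # 2. Replies silently redirected to another domain.
    if reply_to and domain_of(reply_to) != domain_of(sender):
        reasons.append(f"Reply-To {reply_to} points to a different domain than From")

    # 3. Sender authentication results recorded by the receiving gateway.
    auth = msg.get("Authentication-Results", "").lower()
    if "spf=fail" in auth or "dkim=fail" in auth:
        reasons.append("sender authentication failed")

    # 4. Language of a money-movement request.
    hits = [p for p in PAYMENT_PHRASES if p in text]
    if hits:
        reasons.append("payment-request language: " + ", ".join(hits))

    # An identity anomaly combined with payment language is the CEO-fraud shape;
    # either alone is only worth a second look.
    identity_issue = any(not r.startswith("payment-request") for r in reasons)
    if identity_issue and hits:
        verdict = "suspect"
    elif reasons:
        verdict = "review"
    else:
        verdict = "clean"
    return {"from": sender, "verdict": verdict, "reasons": reasons}


# Constructed sample messages: one impersonation attempt and one genuine message.
SPOOF_MESSAGE = """\
From: Jane Doe <jane.doe@mail-example-corp.net>
Reply-To: Jane Doe <ceo.office@another-example.org>
To: accounts@example.com
Subject: Urgent wire transfer
Authentication-Results: mx.example.com; spf=none; dkim=none

I'm abroad and cannot take calls. Please transfer the amount on the attached
invoice to the bank account listed there today and confirm when done.
"""

LEGIT_MESSAGE = """\
From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Board deck for Thursday
Authentication-Results: mx.example.com; spf=pass; dkim=pass

Attached is the draft deck. No action needed before the meeting.
"""

if __name__ == "__main__":
    for sample in (SPOOF_MESSAGE, LEGIT_MESSAGE):
        print(assess(sample))
```

The rule is deliberately conservative: a plain "transfer" in a routine message yields only "review", while the display-name mismatch plus payment wording that the article describes yields "suspect". As the quote notes, the clawback window is about 24 hours, so flagging the message before it is acted on matters more than perfect precision.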

KnowBe4 is offering insurance to its customers: If you get hit with ransomware due to human error or an employee it trained, KnowBe4 will pay the bitcoin ransom.