This is one of the rare Cyberheist NewsFlash issues that we send when we run into something important enough to alert you about right away. Please forward to your friends and colleagues.
We have just found out that if your organization needs to comply with data security regulations, or is located in a state where data breaches are required by law to be made public, there is another large increase in risk and cost related to ransomware.
Several news media reported that brokerage house Benjamin F. Edwards & Co. (BFE) had a data breach that resulted from an infection with CryptoWall, a CryptoLocker copycat ransomware. The brokerage house announced this week that it had suffered the data breach on May 24, 2014, when its computer systems were compromised by an "unauthorized third party".
The breach was discovered three days later on May 27, 2014. A month later, on June 27, they started sending out breach notification letters to their customers, offering affected customers free identity protection, fraud protection and credit monitoring for 12 months.
Additional information was included in the New Hampshire Dept of Justice disclosure notice (PDF). "In more detail, an employee of BFE was the victim of a CryptoWall malware infection (a variant of the more common Cryptolocker malware) that encrypted files on the employee’s computer and files on certain shared drives to which the user had access. As a result of the infection, data was transferred to a suspicious IP address. The investigation of a professional forensic expert has not, however, been able to reveal the content of the data transmitted to the IP address."
We are seeing a new wave of ransomware created by Russian cybercriminals, and our recent survey shows that IT pros expect it to get worse the rest of the year. To add insult to injury, apart from the confidential files being encrypted and ransom extorted, the ransomware sends unidentified data out of the victim’s network. That means the malware infection needs to be treated as a data breach with accompanying very high costs. Educating users with effective security awareness training can proof companies against ransomware like CryptoLocker plus its copycats and protect against lost credibility with customers.
Remember, the impact of a data breach is heavy. Here are just a few points:
- The average consolidated data breach cost is $136 per lost record.
- Loss of reputation
- Heavy impact on IT resources
- Offering customers free identity theft protection, fraud protection and credit monitoring
Don’t let this happen to you. Step your users through effective Kevin Mitnick Security Awareness Training and send them our automated simulated phishing attacks at least once a month. We feel so confident this will stop users from opening infected attachments that we will pay your crypto-ransom if you get hit.
Learn more about our guarantee and find out how affordable this is for your organization.