Ransomware

Any company that tries to sell a product or service will experiment with several different approaches until they find one that is successful. Unfortunately, this same strategy is now being used by scammers to find the best content for a phishing email that will deliver a ransomware payload.

A new ransomware headline appears every week, a frightening indication of how prevalent such attacks have become. But when Change Healthcare, one of the nation’s largest providers, was hit in February of this year, the impact was severe enough to draw the attention of the US Congress. 

While the exposure of patient records in the attack was concerning enough, broader repercussions were even more severe. The disruption extended beyond the data breach, impacting practitioners, pharmacies, insurance companies, and patient care:

Data breaches and ransomware attacks are a global threat – but a recent report revealed that American organizations are a favorite target.

According to critical infrastructure security company Dragos, 44% of ransomware attacks last year targeted North American organizations. And every year, the number of breaches goes up, as does the number of victims. In January of 2023, T-Mobile announced that an unidentified malicious intruder breached its network and stole data on 37 million customers, including home addresses, phone numbers and dates of birth.

Curious about your ancestry? Or looking for early warning signs of health issues that might be prevented? If so, you may have elected to have your DNA analyzed by a company that can provide those answers. But what happens if that company gets hacked?

Horror stores about ransomware just keep coming. Every week another city finds itself under attack by computer code that locks out personnel from the essential services they provide.

Your city is being targeted right now. The security protocols built into your IT infrastructure will repel most breach attempts. But they won’t catch them all. And sometimes – in fact, most of the time – it’s not about technology; it’s about one employee clicking on a phishing email that gives hackers access to your systems.

Most ransomware attacks and phishing schemes in public and private sector entities are successful because someone in that organization clicks on a link that gives the hackers access to their systems – and personal data on their personnel.

There are numerous ways to make one of these links seem authentic, and one of the latest may be among the most deceptive.

When we saw the news about Oakland being hit with a major ransomware attack, we knew two things were about to occur. First, our website traffic would surge and we’d be processing requests from hundreds of new clients over the next 48 hours. Second, we’d hear from current clients, confirming that their online privacy protection was still active and working to keep them safe.

Recently, the Bay Area Rapid Transit (BART) Police Department revealed that police personnel files were stolen in a ransomware attack and posted on the dark web. This is not the first such attack against BART personnel; in 2011, hackers released more than 100 officers’ email addresses, passwords and personal data.

That’s going to result in some bad press for a fine organization, but the fact is that no public entity is immune to such attacks. From the largest global entities to the smallest municipal library, hackers can strike anywhere.

This month, thousands of students finally returned to school classrooms. That’s the good news. The bad news? Ransomware has also gone back to school and is already causing trouble.

We’ve all heard of ransomware attacks against public and private sector entities. Hackers lock down websites and IT resources, and demand a ransom to restore access. The motivation is money, but the collateral damage often includes thousands of people having their personal information exposed.