Portable Sanitation Association International

Association Insight August 19, 2020

Issue link: http://psai.uberflip.com/i/1280285


Cyber Security Issues Continue… (continued from page 1; continued on page 13)

In May 2020 A-Throne, a portable sanitation company in Long Beach, California, was attacked by ransomware. The process of restoring their records was slow and expensive, and they learned a lot of lessons that were recounted in this Association Insight article published in July. Also in recent months, a supplier to the industry was attacked. We'll share their story below. But first, it is important to understand these attacks and how they work.

What is Ransomware?

Ransomware is the most common form of e-mischief that can paralyze your company and its services. While past viruses, pop-up ads, and other annoyances were problematic, most of those things have been addressed reasonably well. If something of that nature happens, it might affect part of your operation. Ransomware, on the other hand, can completely cripple your company's systems. It is a form of malware that encrypts all of your files. Customer records. Financial records. Routing. You name it; if it is kept electronically, you won't be able to access it.

If you are attacked by ransomware, the attackers will then demand money to restore access to the data. Since they have your financial records, they know how much you can pay and how much it will cost to restore your systems some other way. Victims are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, usually payable to cybercriminals in untraceable Bitcoin.

Who Is a Target for These Attacks?

According to experts, there are several ways cyber criminals choose the organizations they target with ransomware.
• Sometimes it's a matter of what's easiest: for instance, attackers might target small-ish companies, public universities, and governments because they often have smaller (or non-existent) security teams and users that do a lot of file sharing, making it easier to penetrate their defenses.
• Some organizations are tempting targets because they seem more likely to pay a ransom quickly. For example, medical facilities often need immediate access to their files. Law firms, mental health counselors, and other organizations with sensitive data may be willing to pay to keep news of a compromise quiet.

How Do Attackers Gain Access?

Attackers often gain initial access through "phishing" emails. Phishing is a fraudulent attempt to obtain sensitive information or data, such as usernames and passwords, by disguising oneself as a trustworthy entity. Emails might look like they are from a bank or other company with which you do a lot of business, such as Microsoft or Amazon. The phishing email often directs users to enter personal information at a fake website which matches the look and feel of the real site.

Dridex is a particularly troublesome type of malware that often gains initial access to systems through phishing. It is designed to eavesdrop on victims' computers to steal personal information such as usernames and passwords, with the ultimate aim of breaking into bank accounts and siphoning off cash or holding data for ransom. The image above is an example of a phishing email from Dridex. Once the email or attachment is opened, your systems are breached and the mayhem begins.
