
You’ve Been Hit by Ransomware: What Should You Do? | Kohrman Jackson & Krantz LLP


Despite your best efforts, you have been hit by ransomware. You are locked out of your system, and you can provide no services to your customers, clients or patients. From a business perspective, you need to get your system unlocked so you can get back to work. But, from a legal perspective, what should you do?

PAYING THE RANSOM

Recent changes in the law have made one option – paying the ransom – significantly more complicated, and those who choose this route may actually find themselves in legal trouble. First, the federal government has been threatening to go after ransomware victims who pay ransoms for violations of federal money laundering, money transfer and international sanctions laws. Second, states are actually prohibiting entities (both municipalities and some private companies) from paying ransom to get their data restored. For victims, this can mean both excess time without the ability to access your data and paying millions of dollars in damages or restoration costs rather than a more modest payment of ransom to the threat actor.

Effective July 1, 2022, Florida became one of an increasing number of states that banned the payment of ransom in certain circumstances. Florida Stat. 282.3186 specifically provides that:

“A state agency … a county, or a municipality experiencing a ransomware incident may not pay or otherwise comply with a ransom demand.”

This is similar to the laws in North Carolina, Pennsylvania, Texas, Arizona (HB 2145) and the proposed law in New York, all of which have either banned, or seek to ban, the payment of ransom in ransomware cases. Some of these laws apply only to state or municipal agencies (including public hospitals), but others, like the one proposed in New York, would apply to any business or health care entity.

In addition, a proposed federal law, the Ransomware and Financial Stability Act of 2021, 117 H.R. 5936, would prohibit any U.S. financial institution from making a ransomware payment in excess of $100,000 without authorization from the Treasury Department. Federal law also requires critical infrastructure companies to notify the government within 24 hours if they have made a ransomware payment. The laws also prohibit…


You’ve got backup – but how safe are you?


Most businesses have backup facilities in place to help them in the event of a data breach or physical disaster that renders their offices or data unusable.

But how many know that they can retrieve that data and have their business up and running again in minutes?  

Server room floods, ransomware, fires – however your data is damaged, lost or digitally encrypted – do you know how quickly you can retrieve it or even if you can?  iland found in a recent survey that just 50% of businesses are testing their disaster recovery (DR) plans only annually or at less frequent intervals, while seven percent did not test their DR at all. Of the organisations testing less frequently, half said their disaster recovery plan may be inadequate based on their most recent DR test, while 12% encountered issues that would result in sustained downtime. Zero respondents said that their DR test was completely or moderately successful. Everyone reported experiencing issues. 

So, with most companies remaining badly behind the curve, what steps are needed to ensure that you can retrieve your data after a data breach or disaster?  

Understanding your data  

The datasets of organisations are huge, but the ability to retrieve hundreds of terabytes in minutes is like having a spare car in your garage just in case your main one doesn’t work – it’s expensive to have it all waiting on the off chance you need it. And the faster you need it back, the more it costs.

Therefore, a core aspect of a DR strategy is to prioritise the data that is most critical to the business and focus your efforts around protecting that data first. To understand your data, look at your entire estate and define what’s critical to your business operations. Prioritise it in order of how much its loss would impact customer delivery. This will give you a focus, and in turn, you can develop measures to minimise data loss in the event of a cyber-attack or disaster. You can also catalogue it by how much data can be lost by invoking a recovery (its recovery point objective, RPO) and its priority for recovery (its recovery time objective, RTO).

Obviously, there is a cost implication for any backup and with datasets increasing, it can be very expensive to store all…


Salisbury Bancorp: What To Do If You’ve Unwittingly Paid a Scammer



August 18, 2021

Every day, in spite of their best intentions, people get taken in by scammers. A moment of inattention or an utterly convincing story, and you’re suddenly on the hook for real money. Worse, scammers are good at convincing you to pay in ways that give them fast access to your funds, and make it hard to get your money back.

But, according to the Federal Trade Commission (FTC), the situation is not always hopeless. Here are some options you might try. With any of them, the sooner you act, the better.

Credit or debit card
This is your ‘best case scenario,’ since many credit card companies will reimburse you for suspected fraud. Contact your credit card company or bank immediately, tell them what happened, and ask for a ‘chargeback’ to reverse the charges.

Gift card, prepaid card, or cash reload card
Contact the company that issued the card and tell them you paid a scammer with the card. Ask if they can refund your money. If the scammer hasn’t already used the card, you may get lucky, so the sooner you contact them, the better your chances.

Wire transfer
If you wired money through a company such as Western Union or MoneyGram, contact the company immediately to report the fraud and file a complaint. You can call MoneyGram’s complaint department at 1-800-MONEYGRAM (800.666.3947), and Western Union’s at 800.325.6000. Although it’s unlikely to happen, you should ask for the wire transfer to be reversed.

Money transfer app
Online peer-to-peer (P2P) payment systems such as Venmo, PayPal and WePay are convenient – and instantaneous. That doesn’t mean you shouldn’t try to get your money back. Contact the company behind the app, but if the app is linked to a credit card or debit card, contact your credit card company or bank first.

Remote access
If you were taken in by a tech support scam and gave the scammer remote access to your computer, you should immediately update your computer’s security software. Then run a scan and delete anything it identifies as a problem.

Username/password…


If You’ve Ever Charged With a Public USB Port, You Could Have Been ‘Juice Jacked’ – ScienceAlert

“Don’t Plug Your Phone into a Charger You Don’t Own”