Global Threats to Local Business: Email Compromise & Ransomware A public service by :

1. Global Threats to Local Business: Email Compromise & Ransomware A public service by: San Mateo County District Attorney’s Office Vishal Jangla, Deputy District Attorney (material courtesy of the FBI & USSS)

2. Global Threats More than 4,000 ransomware attacks have occurred daily since January 1, 2016. They took in $1 bn in 2016.

3. Global Threats As many as 1 in 3 of all small and medium businesses were hit. 1 in 5 businesses that were hit had to completely shut down operations.

4. Global Threats Cost to small and medium companies? At least $75 bn in expenses and lost productivity each year.

5. Global Threats Overview • What is Business Email Compromise (BEC)? • What is Ransomware? • How do I protect my business?

6. Business Email Compromise BEC is a sophisticated scam targeting businesses that regularly perform wire transfer payments.

7. How it happens Step 1: Stolen credentials, malware, or email from spoofed or similar domain

8. How it happens Step 2: Compromised systems monitored and/or files scanned for invoices/accounts payable

9. How it happens Step 3: Surveillance or snooping on executives and their staff

10. How it happens Step 4: Impersonation of executives by way of email, voice and fax.

11. How money is moved When funds are wired internationally Money leaves the U.S. within hours, heading for the perpetrator’s accounts.

12. How money is moved When funds are wired domestically Money is first sent to a mule in the U.S., who forwards the funds to the scammer.

13. How money is moved Mules They are unaware of their criminal involvement. Recruited online through social engineering and fake “work at home” job postings.

14. How money is moved

15. What can I do? Revisit policies & procedures • Verify changes to existing bank deposit information • Contact requestors by phone • Require two parties to sign off on payments

16. What can I do? Prevent email compromise • Use unique passwords for your accounts • Manage passwords using an app • Two-step authentication

17. What can I do? If you are a victim • Immediately contact your bank and initiate a recall • Contact your local FBI or Secret Service Field Office

18. Ransomware Ransomware is a type of malicious software cyber actors use to deny access to systems or data for purposes of extortion.

19. Ransomware Once infected, the computer system will display an alert, along with a demand for payment.

20. Ransomware What happens if I don’t pay? Your data stays encrypted

21. Ransomware What happens if I pay? • You could be given a decrypt key • You are asked for more money • You are attacked again • Nothing

22. Ransomware Should I pay? • U.S. government discourages payment • Individual decision

23. Ransomware Common variants • Xorist • CryptorBit • CryptoLocker • Locky • Samas • WannaCry

24. Ransomware Who is behind it? • Individuals • Criminal organizations • Nation-states

25. How it happens Ransomware introduced through: • Phishing emails with code attached • Drive-by downloading • Instant messaging applications • Vulnerable web servers exploited

26. Protect yourself • Data backup and recovery plan for your “crown jewels” • Isolate backups from network access • Application whitelisting – prevents malicious software and unapproved programs from running • Keep all software updated and patched

27. Protect yourself • Maintain updated anti-virus software • Restrict users from installing software • Avoid enabling macros from email attachments • Do not follow unknown web links in emails • Annual penetration testing and vulnerability assessment • Awareness & training program

28. Protect yourself Download this presentation https://da.smcgov.org/protectyourself