In a frightening speech two days ago in Las Vegas to a convention of hedge fund managers that hopefully will serve as a wake-up call to those in the financial industry, John Carlin, the head of the Justice Department’s National Security Division warned his audience that hedge funds have become the target of a wide range of hackers including nationally sponsored hackers from Russia, China, Iran and North Korea as well as criminal groups from around the world and terrorist groups. One of the primary attack methods is the use of Ransomware, about which I have written numerous times over the last few years. Ransomware is a type of malware that when downloaded on to the victim’s computers encrypts and seals the victim’s data. The victim is then informed that either the victim pays a ransom immediately or its data will be destroyed. Already several hedge funds have fallen victim to this type of attack.
An important thing to remember about Ransomware as with most malware used by hackers and identity thieves is that in almost every case, the malware was downloaded through socially engineered phishing emails that tricked employees into downloading the dangerous malware. Corporate America has not done a good job of either training employees as to how to avoid phishing emails or segregating and isolating important data from vulnerability to such attacks.
This story is not only important to the national and international economies, but also to all of us personally as Ransomware is being used against individuals as well as companies. Once again, the best way to avoid downloading Ransomware malware is to follow my motto of “trust me, you can’t trust anyone.” Never click on a link or download an attachment until you have confirmed that it is legitimate. In addition, make sure that you keep your anti-virus and anti-malware software up to date although this is no guarantee of protection against Ransomware because the latest malware is always at least a month ahead of the security software companies. In addition, make sure that all of your data is backed up either in the cloud or by other data backup methods.