Recent postings and updates
Click any link below to view
Click Icon to View
Regularly Scheduled Retiree Meetings
Click icon to view
Fill out this form
click “send” button below
Marin Squad, 1933, SF Golden Gate Park
Submitted by Rich Simmons
Support Your CHP Retiree Businesses
(Click on link)
Rest In Peace
Click name for details
Click icon above to Post Comments & Eulogies
Click Icon to
Post & View
Comments and Suggestions
Click banner to signup
Groups We recommend
After 16 years of faithful service to the State of California and with 10 years in the Arrowhead Area, OSS1 Phyllis Ross is retiring.
Please join the Arrowhead Area for a celebration luncheon on Thursday, June 30, 2016, at the Ontario El Torito Restaurant. The celebration will start at 11:30 AM.
The Ontario El Torito is located at 3680 Inland Empire Boulevard, Ontario, CA 91764. Please RSVP with Officer Juan Quintero by June 28th by calling (909) 867-2791 or by email at [email protected].
Threat of “Ransomware” continues to rise
The inability to access the important data these kinds of organizations keep can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation.
And, of course, home computers are just as susceptible to ransomware, and the loss of access to personal and often irreplaceable items—including family photos, videos, and other data—can be devastating for individuals as well.
Ransomware has been around for a few years, but during 2015, law enforcement saw an increase in these types of cyber attacks, particularly against organizations because the payoffs are higher. And if the first three months of this year are any indication, the number of ransomware incidents—and the ensuing damage they cause—will grow even more in 2016 if individuals and organizations don’t prepare for these attacks in advance.
Tips for Dealing with the Ransomware Threat
While the below tips are primarily aimed at organizations and their employees, some are also applicable to individual users.
Business Continuity Efforts
In a ransomware attack, victims—upon seeing an e-mail addressed to them—will open it and may click on an attachment that appears legitimate, like an invoice or an electronic fax, but which actually contains the malicious ransomware code. Or the e-mail might contain a legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software.
One the infection is present, the malware begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network that the victim computer is attached to. Users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key. These messages include instructions on how to pay the ransom, usually with bitcoins because of the anonymity this virtual currency provides.
Ransomware attacks are not only proliferating, they’re becoming more sophisticated. Several years ago, ransomware was normally delivered through spam e-mails, but because e-mail systems got better at filtering out spam, cyber criminals turned to spear phishing e-mails targeting specific individuals.
And in newly identified instances of ransomware, some cyber criminals aren’t using e-mails at all. According to FBI Cyber Division Assistant Director James Trainor, “These criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.”
The FBI doesn’t support paying a ransom in response to a ransomware attack. Said Trainor, “Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”
So what does the FBI recommend?
As ransomware techniques and malware continue to evolve—and because it’s difficult to detect a ransomware compromise before it’s too late—organizations in particular should focus on two main areas:
–Prevention efforts—both in both in terms of awareness training for employees and robust technical prevention controls; and
–The creation of a solid business continuity plan in the event of a ransomware attack.
“There’s no one method or tool that will completely protect you or your organization from a ransomware attack,” said Trainor. “But contingency and remediation planning is crucial to business recovery and continuity—and these plans should be tested regularly.” In the meantime, according to Trainor, the FBI will continue working with its local, federal, international, and private sector partners to combat ransomware and other cyber threats.