The Price of Falling Victim to Ransomware: Colonial Pipeline Forced to Pay $5 million ransom – could you be next?

May 17, 2021

By now, most of you have felt the impact of the recent ransomware attack on Colonial Pipeline, which caused skyrocketing gas prices and even left some gas stations with shortages. Colonial Pipeline paid a pretty penny to resume operations, forfeiting $5 million to a well-known hacker group called DarkSide. This is yet another example of a high-profile cyberattack.

Companies of all sizes are at risk of falling victim to cybercriminals. In late April of this year, Apple disclosed that a third-party service provider had been attacked and that cybercriminals were demanding $50 million in return for controls. The hackers behind the Colonial Pipeline attack have already attacked 3 additional companies after collecting on the Colonial Pipeline ransom. The 3 companies were smaller in size and spread across the world – 1 in the United States, 1 in Brazil, and 1 in Scotland.

While Colonial Pipeline and Apple both experienced ransom attacks (cybercriminals deploy malicious software that encrypts files on a computer system and then demand a ransom to restore the data), the two incidents show two completely different types of exposure that cybercriminals are now leveraging to ensure their payout:

  • Critical Infrastructure – Colonial Pipeline carries nearly half of the fuel supply on the East Coast, so holding such a critical company at ransom until it can resume operations is a ruthless way of ensuring a ransom will be paid. Cybercriminals are now turning their attention to critical infrastructure as prime targets.
  • Third-Party Targeting – Apple was not held at ransom within its own network, but at a third-party supplier of proprietary parts. Hackers used weaknesses within the third-party supplier’s network to their advantage. Knowing the third-party provider would not have the capital to pay, and with proprietary data at stake, hackers knew Apple would forfeit the ransom.

It is imperative that companies of all sizes assess their networks for weaknesses. A cybercriminal does not care if your business cannot survive after paying a ransom. They are looking for a quick payout. Many companies rely on third-party IT security professionals to help fill skills gaps and mitigate risks. There is no better time to ensure your company, big or small, has the right measures in place to keep your capital safe and secure.

How we can help
WVCT is here to help you assess your IT risks and support your overall security plan. To schedule a meeting today, connect with our Risk Services Practice Leader below.

Connect With Us.
Tiffany Pollard, CISA
Tiffany.pollard@wvco.com
wvco.com | 419.891.1040

Categories: Risk Services


Potential Fraud in Economic Injury Disaster Loan (EIDL) Program

Nov 03, 2020

The Small Business Association (SBA) issued a report back in July 2020 stating ‘serious concerns’ about potential fraud related to the EIDL Program. The SBA’s inspector general raised red flags about more than $78 billion in aid approved for businesses under the agency’s program, about 37 percent of the total amount distributed, and warned that billions might have been fraudulently obtained by individuals taking out loans on behalf of companies.
WVC has received reports of this happening in Northwest Ohio. Fraudsters have taken loans out on behalf of companies, and it isn’t until those companies apply for a legitimate new loan or go through a bank review that the fraudulent EIDL loans are discovered.

As of today, the Federal Trade Commission has calculated $170 million in fraud losses related to COVID-19, of which roughly $2 million has occurred in Ohio and $3 million in Michigan. Cybercriminals began capitalizing on the ever-changing pandemic from the moment it began. It is unfortunate to hear, but it is a reality of the world we live in today.

As fraudsters exploit the ongoing pandemic, we wanted to share with you the suggested steps our in-house Risk Services Leader, Tiffany Pollard, recommends should you find yourself in a similar position:

  1. Work directly with the banking institution which experienced the fraudulent EIDL transaction and inquire if they will provide coverage for credit monitoring; and,
  2. Review the FTC website with recommendations on what to do when your personally identifiable data has been compromised:
    a. https://www.identitytheft.gov/Steps
    b. https://www.identitytheft.gov/Info-Lost-or-Stolen

To prevent such fraud, here are some steps you can take now:

  • Activate credit monitoring at the three credit bureaus for your business and personal credit.
  • Work with your banking institution to ensure you are using the financial transaction monitoring available to detect fraud.
  • Ensure you have cybersecurity and identity theft expense reimbursement insurance. Cybersecurity and identity theft insurance can help you pay for expenses associated with resulting losses and provide tools to reduce the risk of additional fraud.
  • Have an independent cybersecurity team complete a Security Assessment. This evaluates current information technology systems to identify vulnerabilities and reviews the dark web for possible user name and password loss. Completing a preventative assessment can give you peace of mind knowing you have mitigated vulnerabilities within your network.

Having plans in place before such an issue occurs will enable your business to confidently manage such a tense situation. If you have any questions, please reach out to your WVC Advisor or Tiffany Pollard directly. WVC is here to help you.

Tiffany Pollard, CISA
Risk Services Practice Leader, William Vaughan Company
Tiffany.pollard@wvco.com | 419.891.1040

Categories: COVID-19


How to Protect Your Business from COVID-19 Phishing Scams

Sep 14, 2020

As the coronavirus (COVID-19) pandemic continues to impact businesses globally, cybercriminals are taking advantage of this crisis, through phishing tactics, for their financial gain. Phishing is a fraudulent attempt by a cybercriminal to pose as a trusted source in order to obtain sensitive information, typically resulting in financial gain for the criminal. Since January 1, 2020, the Federal Trade Commission has received more than 90,000 reports related to COVID-19 fraud, with a total loss of $114 million.

Business owners already have day-to-day operations to manage: handling employment needs, fulfilling client orders, and running back-office tasks; the list goes on and on. Having to worry about a phishing attack shouldn’t be one of those added tasks. However, a surge in COVID-related fake emails with dangerous attachments, links, and requests for personal information is our reality.

As teams work remotely, businesses have increased their use of web-based meetings. An example of a COVID-19 phishing scam involves the use of Zoom websites. Scammers are sending fictitious Zoom web address links that, when launched, download viruses that compromise the company’s data. These scams result in expensive fixes to restore company networks.

The Federal Bureau of Investigation (FBI) recently issued an alert urging individuals to be on the lookout for the following red flags:

  • Unexplained urgency
  • Last-minute changes in wire instructions or recipient account information
  • Last-minute changes in established communication platforms or email account addresses
  • Communications only in email and refusal to communicate via telephone or online voice or video platforms
  • Requests for advanced payment of services when not previously required
  • Requests from employees to change direct deposit information

Here are some basic rules and best practices to protect you and your employees from falling victim to these scams:

Exercise caution – Don’t open emails from unfamiliar email addresses or contacts. If you receive an email that appears to be from a trusted source but seems ‘odd’, call the sender and verify the authenticity of the email.

Avoid clicking on links and opening attachments – Verify a link by hovering your mouse pointer over the link to see where it leads. Sometimes, it’s obvious the web address is not legitimate. But keep in mind phishers can create links that closely resemble legitimate addresses. Delete the email and notify your IT department.

Get information about government actions regarding COVID-19 from reputable sources – For the most current information, visit the CDC and WHO websites.

Do not reveal personal or financial information – Emails seeking personal information like your Social Security number or login information are phishing scams. Never respond to solicitations for this information. If you receive an email saying your shipment has been assigned a new ‘tracking id’ and you are asked to click a link to verify the update, do not click the link. Instead, go to the website of the delivery service and enter the tracking id to verify whether a change was made.

Do not use open or unsecured Wi-Fi for working remotely – Never use public Wi-Fi. When working remotely, it is best practice to have a mobile Wi-Fi device that you can securely connect to.

Connect with your IT department – If you receive a suspicious email, forward the entire email as an attachment to your IT team. If you click on a link or open an attachment in a suspected phishing email, report the incident immediately.

If you are concerned about your company’s security controls or your phishing risk, connect with our team. We can assess your systems and provide value-added recommendations to protect your organization.

Tiffany Pollard, CISA
Risk Services Practice Leader, William Vaughan Company
Tiffany.pollard@wvco.com | 419.891.1040

Categories: COVID-19, Risk Services