Here a hack, there a hack, protect yourself from hack attacks
June 23, 2021
One of the major concerns occupying US government officials in the last few years has been the hacking of American businesses, health care facilities, utilities, and the government itself. Ransomware hacks are especially concerning. If these large entities get hacked, what hope do average Wisconsinites have for keeping their information safe?
On June 9, JBS USA, the world’s biggest supplier of beef with a facility in Green Bay, confirmed it had paid a ransom of $11 million to criminal hackers who had invaded the company’s operations on May 30. JBS conferred with both internal and third-party cybersecurity experts on whether or not to pay that ransom. It also consulted with the FBI.
“This was a very difficult decision to make for our company and for me personally,” JBS CEO Andre Nogueira said in a press release. “However, we felt this decision had to be made to prevent any potential risk for our customers.”
The company revealed that it spends more than $200 million annually on IT. It paid the ransom even though the US government has long advised that entities not pay ransomware hackers. Through press releases, JBS credited its own “robust IT systems and encrypted backup servers” for a swift recovery from the hacking. The company had shut down all its beef-producing plants, including the one in Green Bay. There was no production on June 1, and production resumed around 10 a.m. on June 2, according to WBAY in Green Bay.
James Lee, CEO of the Identity Theft Resource Center, explained to WBAY that cyberattacks like these happen in stages, each carried out by a different entity.
“One group will actually find a flaw in the company, another group will exploit the flaw, the third group will actually conduct the attack and the fourth group actually collects the payment,” Lee said. “So it runs just like a legitimate business would run, except it’s an illegitimate business.”
The hack of JBS didn’t only impact the Green Bay facility. Branches in Australia and across North America also suffered shutdowns. Other hacked companies have also paid ransoms. A Russian ransomware group called DarkSide previously held Colonial Pipeline up for $4.4 million in bitcoin; $2.3 million was recovered when the US government seized the money from DarkSide accounts. The $2.1 million difference occurred because the value of bitcoin fell in the interim.
If companies like these that spend millions every year on IT and security can get hacked, what hope do consumers have in protecting themselves? Lee and former NSA hacker David Kennedy (as told to Insider) have advice companies and consumers can take advantage of:
- Make sure your software and applications are up to date, especially when updates contain improvements to security.
- Maintain regular backups. Back up your phone, tablet, and computer to a secure place, such as an external hard drive.
- Educate yourself on what phishing emails and text messages look like. Criminals fashion these messages and emails so they seem to come from common entities (Amazon, Apple, Social Security Administration, etc.). They seek to tempt consumers to click on a link, which then loads malware onto their device and gives criminals access.
- Use two-factor authentication to optimize security.
- Don’t use the same password for many accounts, and don’t use easily discovered passwords that rely on memory cues like a child’s name or birthdate or a phone number. Instead, use a combination of symbols, numbers and letters to make your passwords harder to discover.
- Change your passwords regularly and don’t reuse passwords.
- Don’t over-share on social media platforms. This includes “checking in” at certain spots or revealing your spending habits.
- Be skeptical. Phone calls, emails and text messages that offer you something that sounds too good to be true most likely are too good to be true.
- Guard your personal information like gold, because it is valuable to criminals. Keep numbers such as your Social Security number, bank account number and others safe, and do not share them.
- Check to make sure platforms that have your personal information haven’t been compromised at https://haveibeenpwned.com/ or another data breach detection site. Then take action.