The Triton


On Course: Don’t fall hostage to ransomware


On Course: by Jay Lasner

It can look legit. An email from a management company that appears genuine, from someone we may know and work with, asking that an invoice be reviewed and authorized so an actual vendor we are familiar with could get paid.
Seems harmeless enough to open the email attachment, sign off the invoice, and move on.

But four months later, a menacing skull and crossbones could splash across the computer screen, demanding payment of $1,000 in an online, anonymized currency in order to access the now-encrypted computer that has just been infected by ransomware.

Remember that innocent looking email a few months ago that looked legit?

This scenario is playing out more and more, and not a day goes by when the media doesn’t trumpet a new cyber attack. The most recent “big” one was Wanna-Cry. That one made the news because it shut down much of the U.K.’s National Health Service.

But many more malware variants, cyber exploits and ransomware – a form of malware that holds us hostage – continue to spew from the computers of cybercriminals intent on ruining more than just our day.

The AV-TEST Institute recently registered 390,000 new malicious programs per day, 12 million new malware variants per month.

There is a distinction between malicious and non-malicious cyber risks. The key is intent. Events may be the result of deliberate malicious acts or they may be unintentional. The cybercriminal sends the malware in an email; unknowingly we open it and unintentionally infect our computer network at the office or aboard ship.

The cyber theft “industry” has matured enough to offer MaaS, Malware as a Service. Much as we all currently use legitimate cloud services such as  Outlook, QuickBooks, Adobe and various email providers on the internet – all forms of SaaS, or Software as a Service – those with malice can, with no technical knowledge, run their own ransomware campaigns by simply subscribing to cloud malware services on the Dark Web.

That innocent-looking email I got a few months ago was really a spear phish – a highly targeted, carefully crafted phishing malware designed just for me. It was likely created through social engineering that used select information about me from social media, as well as information possibly from co-workers who innocently answered a few questions solicited in a phone call to the office, or other publicly available information about me.

Ever try searching your name in Google or Bing? Try it sometime.

I was fortunate enough to not open the email attachment, as legitimate as that email appeared. I was suspicious, analyzed the email’s metadata, made a quick verification phone call and confirmed that my hunch was right.
There are three foundations of any security process: people, policy and equipment. How these three elements interact determines the security outcome.

We can prepare our computers with firewalls and antivirus software. We can set up rules and regulations, things we must and must not do. But people continue to remain the weak link in the cyber security chain.

The Department of Homeland Security states: “End users of all descriptions are the weakest link and need to be made aware of phishing, password protections, identity theft and the like. They also need to be able to detect, diagnose and speak up when something doesn’t seem ‘quite right.’ ”

Security, including cyber security, begins with awareness.

All cybersecurity and risk management experts agree that education and training is a critical element to managing cyber risk. Though it can’t be eliminated, the risk can be managed. Most feel that 80 percent of the risk can be mitigated by appropriate management of people, policy and equipment.

Start by having a high degree of suspicion, not opening attachments or links in emails you weren’t expecting, and if you think it is legit but you aren’t quite sure, confirm that it is, in fact, legit first. It will help keep “Your Career On Course.”

Jay E. Lasner is chief executive officer of Bluewater Crew Training USA in Fort Lauderdale. Comments are welcome below.

Related Posts...
On Course: by Clive McCartney A quick check of Marine Read more...
On Course: by Clive McCartney Earlier this week I enjoyed one Read more...
On Course: by Clive McCartney The dog-eared copy of the Read more...
On Course: by Kevin Petrovsky When we think about training Read more...
On Course: by Capt. Brian Luke Gaining and verifying sea Read more...

Share This Post

Leave a comment

Your email address will not be published. Required fields are marked *

Please answer the question below to leave a comment. * Time limit is exhausted. Please reload CAPTCHA.

Editor’s Picks

Triton networks with Culinary Convenience

Triton networks with Culinary Convenience

A brisk South Florida evening was the perfect setting for outdoor Triton networking with Culinary Convenience on the third Wednesday in …

Refit18: Show focused on refits grows 28 percent

Refit18: Show focused on refits grows 28 percent

As yachts age and yacht owners personalize them, the refit industry continues to grow. The third annual Refit International Exhibition …

Hot trip on the Hudson highlights perils of procrastination

Hot trip on the Hudson highlights perils of procrastination

By Capt. Bruce Gregory I've made 40-plus offshore passages from 50 miles to 1,500 miles in boats from 8-foot dinghies to 80-foot tugs; …

Top Shelf: The Birth of Aki-Maki

Top Shelf: The Birth of Aki-Maki

Top Shelf: by Chef Tim MacDonald Many years ago on Huntress, I was taught about the theory of “POP”’ on a yacht. The owner …