Cyber extortionists are hitting hedge funds
Hedge funds are increasingly targeted by cyber extortionists, John Carlin, US Assistant Attorney General for National Security, has warned the audience at the SALT hedge fund conference held last week in Las Vegas.
Encrypting a user’s or an organization’s important files via crypto ransomware then asking for money to decrypt them has proved very lucrative for cyber crooks.
Not only do many individual users fall for the scheme and ultimately pay the ransom, but so do businesses and organizations that should have their files regularly backed up and that you would not expect to comply with the crooks’ demands (e.g. police departments).
According to Carlin, the US Department of Justice is currently working with several hedge funds that have become victims of cyber blackmail, and he encouraged others who are in the same predicament to ask for their help.
“We are seeing nation-state action – from Russian, China, Iran and North Korea – target your companies and what you have, day in and day out, to use your information against you,”
He told the crowd that it’s not only Russian, Chinese, Iranian and North Korean state-backed attackers that have US companies and hedge funds in their sights, but “jihadist” terrorists and criminal organizations as well.
The ransom asked in these situation is much, much higher than the usual one demanded from individual users and organizations that are not in the financial industry. While the former can expect a ransom that rarely passes $1,000, hedge funds and other financial organizations and investment firms will be asked to pay millions of dollars in order to get their information back.
Carlin also tried to reassure the crowd that collaborating with the FBI and prosecutors will not result in the government misusing access to the companies’ corporate secrets, Kaja Whitehouse reports.
He pointed out that government involvement in a breach investigation can be a definite plus when customers and shareholders are made aware of the fact that a breach happened, and become angry and accuse the companies that they didn’t do enough to protect themselves and the data they hold.
“The bad guy is not the company that has been breached. The bad guy is the nation state or the perpetrator of the breach,” he pointed out, and this is they point they want to drive home.