Incognito — July 2023: Ransomware is Back

Welcome to the July 2023 issue of Incognito, the monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.

Here’s what we’re talking about this month: 

• Why ransomware is now a bigger threat to you than ever. 
• Recommended reads, including “Cyber Attack Exposes the Personal Information of Millions of Americans.”
• Q&A: Is there any risk with opening phishing emails?

Here’s why ransomware is a problem in 2023 and what to do about it. 

Ransomware Is Back…

We’re in a “ransomware renaissance.” 

Ransomware attacks at the start of this year have been far above what’s considered normal levels. For example, in March 2023, there were 60% more attacks than in 2022 and 141% more than two years ago. Today, nearly three-quarters of cyber-attacks involve ransomware. 

Ransomware Targets Your PII

It’s hard to say for sure whether the total number of ransomware incidents this year will be higher than the previous years. But what we do know for (almost) a fact is that you will likely end up inadvertently involved in at least one attack. Or at least your personal data is. 

The reason why is that ransomware groups are changing their methods and targets, and almost every type of organization you interact with is in the firing line.

Ransomware groups are no longer just encrypting data and demanding a ransom to decrypt it. They’re stealing it and – regrettably often – leaking it, too. With data a priority, ransomware criminals are going after healthcare providers, educational institutions, and local governments (among other organizations) just as frequently as traditional corporate targets. 

Why does this matter? As organizations, including schools, hospitals, pharmacies, and government agencies like the DMV, come under attack, our personal data is at increased risk of exposure. Whether this data is sold or leaked, anyone can use it to steal our identities or carry out financial fraud. Following a ransomware attack on Toledo Public Schools, a parent said someone attempted to take out a credit card and car loan in their kid’s name. 

How You Can Reduce Ransomware Risk

Most ransomware is delivered via email. In fact, phishing emails are the main ransomware attack vector. 

As a result, the best thing anyone can do to avoid making the ransomware problem worse by enabling an attack is to avoid clicking on suspicious emails. This is, of course, easier said than done, but generally involves: 

• Keeping your personal information off online sources, including social media and data brokers (personalized emails are much harder to spot than generic ones). 
• Double checking that each email is legitimate (for example, ensuring the sender’s email address makes sense, etc.) before clicking on any links or attachments. 
• Staying on top of popular phishing campaigns. News outlets often have stories of recent phishing scams going around. 

The more people recognize phishing emails, the fewer successful ransomware attacks we’ll see (at least until cybercriminals find another vector), and the less likely your personal data will be exposed. 

Extra Ransomware Protection

Other than not clicking on unusual emails (plus limiting how much data appears about you online and staying on top of phishing trends), always:

Follow best practices. Use strong passwords and enable multi-factor authentication. Where it makes sense, you can use masked details like virtual phone numbers and credit cards. Also, change your passwords if an organization you’re with suffers a ransomware attack. Before you say duh – you’d be surprised how many people don’t do this.

But with ransomware attacks happening so frequently, you really need to:

Be vigilant. Keep an eye on your credit score; check your bank account statements; be on alert for anything unusual happening with your other online accounts; and so on. 

Recommended Reads

Our recent favorites to keep you up to date with digital privacy. 

Cyber Attack Exposes the Personal Information of Millions of Americans 

Flaws in the MOVEit file transfer software have enabled a massive, ongoing wave of cyber attacks on hundreds of organizations. As a result, millions of Louisianans and Oregonians have had their personal data exposed. Data possibly compromised includes driver’s license and social security numbers, but it does not look like it was released or sold. The attack is attributed to the Clop ransomware group.

Huge Phishing Campaign Impersonates 100 Well-Known Brands

A massive brand impersonation phishing campaign has been making the rounds. Scammers are spoofing brands like Nike, Tommy Hilfiger, and Columbia to get people to share their financial details and credentials. The campaign involves about 3,000 domains and 6,000 sites, with domain names generally following the format of “brand name” with “city” or “country,” plus “.com”.

Data of 8 Million Zacks Users Exposed on a Hacking Forum

The personal data of 8.8 million Zacks Investment Research (Zacks) users is circulating on a hacking forum, according to Have I Been Pwned founder Troy Hunt. The database includes usernames, email addresses, names, phone numbers, addresses, and unsalted SHA256 passwords, among other information. It’s believed the database was dumped in 2020, before the Zacks breach earlier this year. 

Web Skimmer Attacks Steal PII and Financial Information

Cybercriminals have infected an unknown number of legitimate e-commerce sites with malware that skims personally identifiable information and credit card data from users in North America, Europe, and Latin America. Because the infected sites act as makeshift command and control servers, they also inadvertently distribute malicious code – something that makes this attack more dangerous than a typical Magecart attack. 

You Asked, We Answered

Here are some of the questions our readers asked us last month.

Q: Is there any risk with opening phishing emails?

A: Generally, there’s no risk of malware infection if you just open and look at a phishing email. The risk comes from clicking on links and attachments. That wasn’t always the case, though, hence the misconception. 

But the risk of inadvertently sharing some of your data with cybercriminals? That might still be there – even if you don’t click on anything or respond to the email with personal information. 

The reason why is that some email clients load images that are embedded in the email automatically. This means that if you’re using an email client where automatic image loading is enabled, and you open a phishing email, scammers might be able to get their hands on data like your location, what email client you’re using, what operating system you’re on, etc. 

For this reason, it’s a good idea to ensure automatic image loading is disabled on your email client. PCMag has a guide on how you can check that this is the case on Gmail, Apple Mail, Outlook, and Yahoo! Mail. 

Bonus: blocking automatic image loading will also stop marketers from being able to track you. 

Q: Should I enable do not track?

A: No – you should enable Global Privacy Control (GPC) instead. 

We have a blog post on why (and how) on our blog, but to summarize:

• Do Not Track (DNT) did not get enough support, and the project was disbanded in 2019. 
• Global Privacy Control (GPC), a mechanism for automating opt-out from the sale/sharing of data, has more or less replaced it. 
• Because GPC is enforceable under legislation like the California Consumer Privacy Act (CCPA), experts are optimistic it will succeed where DNT has failed. 

To get started with GPC, use a supported browser or browser extension. 

Back to You

We’d love to hear your thoughts about all things data privacy.

Get in touch with us. We love getting emails from our readers (or tweet us @DeleteMe).

Don’t forget to share! If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. If you’d like to subscribe to the newsletter, use this link.

Let us know. Are there any specific data privacy topics you’d like us to explore in the upcoming issues of Incognito? 

That’s it for this issue of Incognito. Stay safe, and we’ll see you in your inbox next month.