Cyber criminals are certainly aware it’s tax season, and you should be too.  Cyber criminals are trying to dupe you into believing you are sending them a legitimate tax document, or they are calling you to convince you they are tax examiners and need your personal information.  BE CAUTIOUS! 

  • Is the emailer's address really what it looks like? 
       Right-click to see full email address.
  • Is that link really going where it says it’s going? 
        Right-click to see full web address.
  • Is that caller really from the IRS? 
        Hang up and call the IRS yourself with the phone number you find online. 

Check out the tax tips and action plan resources offered by the Center for Internet Security, and review the MEL’s “Email Dos & Don’ts” infographic below. 

 See additional Cyber resources below and visit our Model Risk Control page.

Cyber / Network Security / Privacy

This coverage is provided by XL Catlin (and Beazley if you purchase excess), not your local JIF.

  • First Party | Includes coverage for cyber-related Business Interruption, Data Recovery and Cyber Extortion
  • Third Party Liability | Includes coverage for Privacy and Security events suffered by third parties for your wrongful acts, and Privacy Regulatory Defense, Awards and Fines
  • Data Breach Response and Crisis Management | Includes costs you incur for data breach response providers (legal, forensics, etc.) arising out of a data breach

Claim Reporting

  • Step 1 | Notice of incident or claim made to the JIF claims administrator.
  • Step 2 | Call the 24/7 XL Data Breach Hotline at 1 (855) 566-4724 for immediate triage assistance.

Please note: contacting the data breach hotline does not satisfy the notification requirements of your policy.

Cyber Task Force Security Update

New Ransomware – Ryuk

The MEL saw a number of cyber claims at the very end of 2018. While the holiday season is a very popular time of year for cyber criminals, the number of claims was unusually high. As the incidents are being dissected, the MEL is noticing that most of the claims involve a new strain of ransomware called Ryuk.

The New Jersey Cyber Communications and Integration Cell (NJCCIC) reported in late August that the Ryuk strain was first detected in early August of 2018 by Check Point Research, a leading cyber threat intelligence company. According to Check Point’s report, the Ryuk strain seemed to be related to other existing ransomware, indicating the same creator. The NJCCIC update indicates Ryuk is very advanced: it kills many processes, embeds itself deep into the system and deletes backup files, making it difficult to successfully overcome.

The criminals appear to have learned that designing such advanced malicious software with a high success rate would pay off, as the ransoms demanded have been over $100k in each incident... and that is in bitcoin, of course (15 BTC – 50 BTC). In addition, the ransom escalates each day by 0.5 BTC.

Ryuk seems to enter via email phishing campaigns, weak Remote Desktop Protocol (RDP) passwords, and stolen credentials. Once the system is infiltrated, the attacker patiently waits and escalates their privileges until they become an administrator on the system.

The MEL Cyber Risk Management Program offers key security recommendations which would help against these attacks, such as patching, requiring regularly updated passwords, good backup practices and cyber hygiene training. In addition, sources such as Sophos and KnowBe4 recommend controlling RDP access, utilizing VPNs, initiating two-factor authentication, enabling automatic lockout after a few password attempts and highly restricting administrative privileges.

In recent news, Ryuk ransomware was reported at the Chicago Tribune, Recipe Unlimited (Canadian Restaurant chain) and (a cloud hosting provider).

Click here to visit Check Point’s initial publication on Ryuk.
