Posts

Feds Take Down Ransomware Gang, Aid Victims

In a sign of its aggressive new posture against cyber criminals, the United States government infiltrated and compromised the Hive ransomware gang, blocking hundreds of millions in ransomware payments and seizing control of the gang’s website. No arrests were announced, but authorities in Germany and The Netherlands were able to seize the ransomware gang’s servers.

Hacking the Ransomware Hackers

Ransomware attacks are among the most costly for businesses and organizations. These attacks typically begin with criminals using stolen passwords found on the Dark Web or acquired through phishing attacks. Once ransomware hackers have access to online systems, they encrypt all of an organization’s data and lock it behind a password. They then demand a ransom in cybercurrency, such as Bitcoin, in exchange for a key that will unlock the encrypted data.

To shut down Hive, U.S. investigators infiltrated the gang’s network. They learned about planned attacks, including a Texas school district and a Louisiana hospital, then stole the ransomware decryption keys and gave them to the targets. When the ransomware attacks began, organizations were able to immediately restore their systems with the encryption keys, saving millions in ransomware payments.

The operation represents a significant shift in how Federal authorities approach cyber gangs. In the past, U.S. authorities attempted to recover ransoms after payment, with limited success. The move against Hive ransomware represents a significant escalation in response, known to be part of the Biden Administration’s draft cyber security plan,  that sees law enforcement partner with victims ahead of an attack to prevent damage and financial loss.

Ransomware Risks Remain

While Hive was one of the better-known ransomware gangs. there are many more carrying out these attacks who will not be deterred by a single U.S. government success. A Verizon report on cyber crime in 2022 found that ransomware attacks rose by 13%, a larger increase than the past 5 years combined. Criminals can now buy ransomware online, in late 2022 a Microsoft study found criminals using it to steal data and wipe systems clean, removing all traces of their activity, without making a ransom demand.

Regardless of the nature of the attack, ransomware victims tend to have a few things in common:

  • They operate critical infrastructure used by the public.
  • They appear to have budgets that support multimillion-dollar ransom requests.
  • Their cyber defenses have vulnerabilities ripe for exploitation.

Verizon reported that 20% of data breaches resulted from social engineering. Public-facing organizations face greater risks for intrusions and compromise due to the nature of their work, which makes cyber security awareness training essential.

Aggressive action from the Federal Government against cyber criminals is a positive development, but businesses and organizations cannot rely on it to ensure security. Employee training, strong cyber defenses and advance warnings from Dark Web monitoring still provide the best protection against intrusions and fraud. Protect Now provides support for small- and medium-sized business that work extensively with the public. Contact us online or call us at 1-800-658-8311 to improve your cyber security.

Protecting Yourself from Cyber Extortion

You might not think that you could ever be a victim of cybercrimes, but you would be incorrect. You are just as much of a possible victim than anyone else, and you have to know how to protect yourself.

passwordOne of the easiest ways that hackers can get victims is to trick people into clicking links in emails or opening attachments. Something as simple as this can easily lead to viruses and other security issues, like ransomware, and no one is ready to deal with this.

Cyber extortion is on the rise, and it involves infecting a computer with ransomware, which means the victim will not be able to access their files unless they pay money via bitcoin to the attacker. This software is installed when the victims click on links in emails.

Many of these emails ask for information that is sensitive. If you get one of these emails, you should have alarm sounding off. If you don’t, you could, blindly, give the hacker information about you, such as your passwords, account numbers, or worse.

Extortion Prevention

Here are some things that you can do to prevent yourself from cyber extortion:

  • Install a password manager software
  • Don’t use the following in your passwords: words or names that are obviously yours, any keyword sequence (ZXCVB), any password under eight characters, or anything easy to guess.
  • Make sure every account has a unique password.
  • If an account offers it, enable two-factor authentication. Each time you try to log in, you cannot gain access to the account unless you insert a one time code, which is delivered to your phone via text. If someone contacts you and asks for a code like this, you should hear alarm bells in your head.
  • Create passwords with a mix of letters, symbols, and numbers. Randomly choose these like a toddler would if they were typing and add them to your password manager.
  • Don’t ever click on any link that comes to you via email unless you confirm its legitimacy with the sender. A single click might download a virus, or you might be directed to a site that can lure you into typing your username, password, and other information. A red flag that you might be at risk of doing this is if you get an email that says, “Your Account Was Suspended.”
  • Often, these emails seem like they come from a source you trust like PayPal, a bank, the IRS, or your employer.
  • You also might see a sense of urgency in these emails, such as “Act within 24 hours” or “You must…”
  • Don’t open any attachments including those from a person or company that claims they want to offer you a job.
  • Do not post any sensitive personal information on your social media accounts. Hackers can use this information to figure out login information.
  • Have a business email account and a personal one.
  • Don’t connect to public Wi-Fi and do anything like shopping or banking. If you don’t have a choice, you can browse by using a VPN, virtual private network.

Some of this might sound like a pain, or even inconvenient, but believe it or not, you are a target for hackers, and they are just waiting for you to take the bait.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

SMBs Including Real Estate, Watch Out for these Cyber Security Threats!

There used to be a time when hackers only targeted retailers, but these days, they can target almost any business in any industry, especially those that are not aware of the best cyber security practices.

cyberattack

One of these groups is the real estate industry, and according to a recent survey, approximately half of all businesses in real estate are not prepared to handle any type of cyberattack. Though Federal law requires specific industries, like banks and hospitals, to have security in place, the real estate industry is not one of them. If you work in real estate, here are some common cyber security threats to keep an eye out for.

Business Email Compromise – BEC

A BEC, or business email compromise, is a type of cyberattack that tricks a company into wiring cash into the bank account of a criminal. Hackers do this by “spoofing” email addresses, and then then sending messages to recipients that look like they are coming from someone they trust, such as the CEO or the head of accounting.

This happens a lot; the FBI has found that billions of dollars have been lost due to BEC scams. Yes, this is pretty scary, but there is more. The FBI has also said that those in the real estate industry are targeted, and anyone who participates in a real estate transaction is a possible victim.

Wire Scams During Mortgage Closings

There are also scams during closings. Here’s how it works. Before the sale of a home is complete, the buyer gets an email from their Realtor, a title attorney, or another trusted person in the industry with the details of the date, time, and locations where the closing will take place. Scammers know this, so they create a different email that tells the buyer where to wire the money. But it’s right to the bank account of the scammer. Within minutes of the transfer, the money is pulled out of the account, and the scammer is gone.

The Internet Crime Complaint Center, part of the FBI, shared statistics that from 2015 to 2017 there were more than 10,000 victims of these scams, and the losses here totaled more than $56 million…and it’s growing all of the time.

Ransomware

Another thing that those in the real estate industry need to be aware of is ransomware. This is a type of malware that shuts down a network or a device so that you can’t get into it until you pay up. This is a very profitable scam for hackers, and it is becoming very popular year over year. All it takes is one person on your team to click on a link, and the entire network could be compromised.

Keep in mind that ransomware attacks don’t just target computers. These attacks can target any devices that connects to the internet, including smart thermostats, smart lights, and smart homes. When a digital device gets a ransomware infection, they stop working.

Malware

Though most people have heard about ransomware, there are other forms of malware, too. For example, you have likely heard of spyware or Trojans, which are still out there. Specifically, these are used for cybercriminals to spy on those they are targeting. They can get access to a victim’s bank account, or even steal their email inbox. Hackers also use malware to steal personal info or employee information, and they can get things like personal client information Social Security numbers, credit card numbers, and more. Just knowing this, you can understand why those in the real estate industry are targets.

Cloud Computing Providers

If you work in the real estate industry, your livelihood is at risk thanks to cloud computing. This, you might know, is a more economical way to backup information, so while it is necessary, there are risks. However, hackers can get into these “clouds,” and if they do, they can get access to all of the data in there.

It may seem that by using a cloud computing company that you are actually lowering your risk of becoming a target, but the truth is this: there is still a risk because your devices are likely not as secure as you think, and your passwords are probably not as strong as you think. This means making sure you’re not using the same passcode for any other accounts and enabling two factor authentication for everything.

Don’t Let Your Real Estate Company Become a Victim of a Cyberattack

Now that you know your real estate company can be a target of a scammer, you may wonder how you can lower your risks. Here are some great tips:

  • Write New Policies – One thing you can do is to write new policies to keep things safe. For instance, when you think of BEC scams, if you have a policy in place where you ban wiring money to someone based only on information from an email, you won’t have to worry about BEC scams any longer. Instead, make it a rule that you must talk to the person sending the email, and you must be the one to make the call to confirm. Don’t call the number that is in the email, though. Confirm that it is correct. It could be the number of the scammer.
  • Teach Your Staff – You also want to make sure to have better training for your staff. Most of the attempts at hacking come from email, so when you train your staff to stop blindly opening attachments nor click on links in emails, you can protect yourself from these scams. You also should look into a Cyber, Social & Identity Protection Certification This is where you can learn more about the methods and strategies that you can employ to cut down on any incidents. You can also learn about developing procedures that help keep your clients safer.
  • Teach Your Clients – Speaking of clients, you want to help them, too. All wire scams having to do with closings can be prevented in most cases. Make sure your clients know that in the process of selling or buying a home, there are going to be a lot of emails floating around, including those from Realtors, mortgage companies, insurance companies, home inspectors, real estate attorneys, and more. Make sure they know that before clicking on anything or wiring money that they should first call their Realtor. They should never, ever send money unless they get the go-ahead to do it, and then they still need to make sure to confirm that the transfer is going to the right place.
  • Back Up Your Devices and System – Always make sure that everything is backed up, including your devices and your network. This way, if you do get hacked, you won’t have to pay a ransom, and the information is easy to get back.
  • Check on Cloud Computing Contracts – It is also a good idea to look into what you are getting from your cloud computing provider. They don’t like to take responsibility for a cyberattack, and there might even be something in your contract with them that says they won’t. So, you should start your own negotiations with the company in question about what you can do about something like this.
  • Buy Cyber-Liability Insurance – Finally, you should consider getting cyber-liability insurance. This could definitely help make things less risky for your real estate business. There are all types of different policies out there, so do some research or speak to a professional.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Survey Shows Most People Back Up…But Not as Often as They Should

According to a new survey, we now have a good idea of the habits of the regular person in regard to backing up their devices. The survey, which covered almost 3,000 people, looked at people around the world. What it shows is that 91 percent of people back up their devices and their data. But, 68 percent of people still lost data because of a different reason. These include accidentally deleting the data, software or hardware failure, or even because they hadn’t backed up their data recently. The truth is, only 41% of companies and people back up each day, which leaves most of us…and most businesses…vulnerable to data loss.

surveyThe data from this survey stress how important it is to implement some type of cyber protection strategy for a business, which includes backing up data several times a day, and using the 3-2-1 backup rule. This is creating three copies of your data (a single primary copy and two backups), storing your copied on two different types of storage option, and then storing one of the copies in the cloud or remotely.

Change the Game with Cyber Protection

With more cyberattacks happening all of the time, the traditional methods of backing up our data is no longer working. We simply cannot rely on only backing up our information. It is way too dangerous.

Cybercriminals will target backup software with their own ransomware, and then try to modify the files, which makes it even more important to protect your information.

Recommendations for Cyber Protection

There are a number of different ways you can protect your personal or company’s information. Here are just five things you can do to ensure that your data is relatively safe:

  • Create a backup of your most important data…always – Keep a number of different copies of your backup locally and in the cloud. You want to do it locally so you can access it quickly and frequently, and you want to save it in the cloud to make sure that even if there is a fire, flood, or other disaster, your data is safe.
  • Ensure your OS and applications are all the current versions – If you are not updating your OS or apps, it means that they are much more vulnerable to getting hacked. These updates often contain patches and fixes that can keep cybercriminals out.
  • Beware of any suspicious links, emails, or attachments – Most ransomware and virus infections are created by using social engineering, and they trick unsuspecting people into opening these infected attachments or clicking on a link that installs malware to the device or network.
  • Install anti-virus, anti-ransomware, and anti-malware software – While you are doing your automated updates for your apps and OS, you should also be using all of these different software options, too.
  • Consider using an integrated cyber protection solution – You want to choose an option that combines anti-ransomware, anti-virus, backup, patch management, and a vulnerability assessment all in a single solution. This type of solution increases efficiency, ease of use, and the reliability of your protection.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

 

Protecting Your Company and Yourself from COVID-19 Hackers

Many people are asking how they can not only protect themselves, but also their organizations, from all of these COVID-19 hacks that are currently popping up.

As with any other phishing scam, vigilance is extremely important. We are certainly going to have to keep on our toes for months, or even years, as this fallout from the pandemic could be around for a long time.

You have to be suspicious of each and every unsolicited email, phone call, or text, especially if someone is looking for account or contact details, or they ask to share personal information. If you feel like information seekers are asking for too much, you should vet the email, dig deeper, do some web searches, and make sure its legitimate.

Don’t use any links or phone numbers within the email of based on the call until you do this. If you get a recorded message, make sure you don’t press any button when asked. If you do, you may be giving them some type of approval and you end up being a victim.

  • In response to ransomware, you should make sure that you are totally backing up your data on all of your devices.
  • For any online account you have, set up or turn on two-factor or multi-factor authentication when you can. This, at least, makes those accounts less likely to be breached, even if someone does get ahold of some of your information.

You might think this is a pain right now, but it definitely won’t be a pain if your information is breached and you start to lose money.

There are many organizations that are being forced to give their employees access to their networks from home…and in most cases, they never planned for that. This working from home increases the criminals attack surface. So, the network is probably more vulnerable, and in some cases, security policies and processes are even being bypassed to ensure all employees have access to it. This comes at a big risk, and with every employee who has access to the company network, there is an opportunity for a hacker to get inside.

Most cybercriminals who go for this type of hack want to get access to this so they can get sensitive information and turn it into cash. Other hackers want to go big time, and they will use the credentials that they are hacking to use in attacks like “password stuffing/spraying,” to access multiple critical user accounts. With a larger “attack surface”, these companies are definitely at risk and because of staff working from all over the place, any attempt to break into the network could go unnoticed until it is too late.

Corporate cybersecurity and IT teams are working hard, but they, too, are generally working from home. With even more workload and more remote information to go over, this also means that they don’t have the time to pay as close attention as they should. This makes things even more dangerous, so keep your eyes open.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Florida City Pays Hackers $600,000 after Scam

Riviera Beach, a city in Florida, has agreed to pay a $600,000 ransom to hackers who attacked its network.

This week, the City Council voted to pay the demands after coming up with no other option to meet the demands of the hackers. It seems that the hackers got access to the system when a staff member clicked on a link in an email, which uploaded malware to the network. The malware disabled the city’s email system, direct deposit payroll system and 911 dispatch system.

According to Rose Anne Brown, the city’s spokesperson, they had been working with independent security consultants who recommended that they pay the ransom. The payment is being covered by the city’s insurance. Brown said that they are relying on the advice of the consultants, even though the stance of the FBI is to not pay off the hackers.

There are many businesses and government agencies that have been hit in the US and across the world in recent years. The city of Baltimore, for instance, was asked to pay $76,000 in ransom just last month, but that city refused to pay. Atlanta and Newark were also hit with demands.

Just last year, the US government accused a programmer from North Korea of creating and attacking banks, governments, hospitals, and factories with a malware attack known as “WannaCry.” This malware affected entities in over 150 countries and the loses totaled more than $81 million.

The FBI hasn’t commented on the attack in Riviera Beach, but it did say that almost 1,500 ransomware attacks were reported in 2018, and the victims paid about $3.6 million to the hackers.

Hackers often target areas of computer systems that are vulnerable, and any organization should consistently check its systems for flaws. Additionally, it’s important to train staff about how hackers lure victims by using emails. You must teach them, for instance, not to click on any email links or open emails that look suspicious. It is also imperative that the system and its data, and even individual computers, are backed up regularly.

Most of these attacks come from foreign entities, which make them difficult to track and prosecute. Many victims just end up paying the hacker because the data is precious to them. They also might work with some type of negotiator to bring the ransom down. In almost all cases, the attackers will do what they say and allow the victims to access their data, but not all of them do. So, realize that if you are going to pay that you still might not get access to the data. Ransomware simply should not happen to your network. If all your hardware and software is up to date and you have all the necessary components and software that your specific network requires based on its size and the data you house then your defenses become a tougher target. Additionally, proper security awareness training will prevent the criminals from bypassing all those security controls and keep your network secure as it needs to be.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Malware Hack Attacking the Grid…BIGLY

For more than four years, malware has been posing as legitimate software and infecting industrial equipment across the globe.

The malware, which looks just like the Siemens control gear software, has affected at least seven plants in the US. According to security experts, the malware was specifically designed to attack this industrial equipment, but what it does is not totally known. It is only described as a type of “crimeware.”

The malware was first hinted at in 2013, but at that time, it was not seen as dangerous, and many anti-virus programs were flagging it as dangerous, but it was considered a false positive. Eventually, it was seen as a type of basic malware, and upon further inspection, it was found that there are several variations. The most recent flag was in March 2017.

This particular infestation is only one of many malware infections that target industry. Approximately 3,000 industrial locations are targeted with malware each year, and most of them are Trojans, which sometimes can be brought in by staff on found or compromised USB sticks.

Most of these programs aren’t extremely harmful, meaning they won’t shut down production. However, what they could do is pave the way for more dangerous threats down the road. It also allows for sensitive information to be released.

It is not easy for hackers to infiltrate an industrial plant, and it takes good knowledge of layout, industrial processes, and even engineering skills to pull something like that off. This goes way beyond a simple malware attack.

However, these attacks have also brought to light the issue of how many legitimate files are being flagged as malware and vice versa. This means that the files can be used by the bad guys, who can then target a specific industrial site. There are thousands of these programs out there, ripe for the picking by observant hackers.

What can they do if they get this information? They could find out where the site is, who operates it, the layout and configuration, what software they have, and even what equipment they are using. Though this wouldn’t give them everything they need, it would be enough to plan a bigger, more dangerous attack.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Researchers Say Office of Personnel Management Hack Leads to Ransomware

In June, 2015, it was revealed by an anonymous source that the Office of Personnel Management was hacked. This office, which administers civil service, is believed to have been the target of the Chinese government. This is one of the largest hacks in history involving a federal organization.

Slowly, the motivation behind the hacking is being understood. At first, it seemed obvious, the stolen data being personally identifiable information, which is what was taken can be used for new account fraud. But in government breaches, they usually look for military plans, blueprints, and documents that deal with policy.

The question, of course, is why did the hackers focus on this information? Well, some of the data that was taken was used to launch other attackers against contractors, and this resulted in the access to several terabytes of data.

Now, those who have become victims of this attack have found themselves being the target of ransomware.

Security experts have recently noticed that the victims have been getting phishing emails, and these messages look like they are coming directly from the Office of Personnel Management. When these emails arrive, the body and subject of the message seem as if the email contains an important file. When the unsuspecting victim downloads the .ZIP file, however, they instead receive a type of ransomware called Locky.

These attacks are much more dangerous than the average phishing attack. This is mainly due to the fact that they are being received by those who have worked with the Office of Personnel Management before. Thus, they have seen the genuine emails from the office, which look remarkably similar to the fake ones. The only thing that set the two emails apart was a typo that said “king regards,” instead of “kind regards,” and a phone number that doesn’t work. These are details that many people overlook, which makes it easy for hackers to be successful with these schemes.

Who was Really Behind This Hack?

Though experts believe that the Chinese government is behind this hack, there are some facts that look a bit fishy. For instance, since personal data was taken and data has been taking hostage, this seems much more like a typical cybercrime operation instead of something that a nation would do. After all, why would China be looking for a few hundred dollars from people who want their files back?

Of course, this could be a smokescreen and someone could just be using this attack as a smokescreen…and while experts are focused on this, the real attack could be planned for the future.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Top 3 Social Engineering Scams

Think about hackers breaking into accounts. If you think they need top-notch computer skills, you would be wrong. These days, instead of requiring skills behind a keyboard, hackers generally rely on strategy…specifically a strategy called social engineering. This means that hackers don’t have to be technical, but they DO have to be clever and crafty because they are essentially taking advantage of people and “tricking” them into giving information.

There are four main ways that hackers use social engineering:

  • Phishing – where hackers use email tricks to get account information
  • Vishing – similar to phishing, but through voice over the phone
  • Impersonation – the act of getting information in person
  • Smishing – getting account info through text messages

Phishing accounts for 77 percent of all social engineering incidents, according to Social Engineer, but in vishing attacks, alone, businesses lose, on average, $43,000 per account.

Here are the top scams that all consumers and businesses should know about as we move into 2017:

Scam Using the IRS

Starting from the holiday season stretching through the end of tax season, there are scams involving the IRS. One such scam uses caller ID to change the true number of the caller and replaces it with a number from Washington, D.C., making it look like the number is from the IRS. Usually, the hacker already knows a lot about the victim, as they got information illegally, so it really sounds legit.

In this scam, the hacker tells the victim that they owe a couple of thousands of dollars to the IRS. If the victim falls for it, the hacker explains that due to the tardiness, it must be paid via a money transfer, which is non-traceable and nonrefundable.

BEC or Business Email Compromise Scam

In the business email compromise, or BEC scam, a hacker’s goal is to get into a business email account and get access to any financial data that is stored within. This might be login information, back statements, or verifications of payments or wire transfers.

Sometimes a hacker will access the email by using an email file that contains malware. If an employee opens the file, the malware will infect the computer and the hacker has an open door to come right in.

Another way that hackers use the BEC scan is to access the email of a CEO. In this case, they will impersonate the CEO and tell the financial powers that be that he or she requires a wire transfer to a bank account. This account, of course, belongs to the hacker not the business. When most people get an email from their boss asking them to do something, they do it.

Ransomware

Finally, hackers are also commonly using ransomware to hack their victims. In this case, the hackers are working towards convincing targets to install dangerous software onto their computer. Then, the computer locks out the data and the victim cannot access it…until he or she pays a ransom.

At this point, they are informed that they can get access back when they pay a ransom. This might range from a couple of hundred to several thousands. Usually, the hackers demand payment by bank transfer, credit card, bitcoin, PayPal, or money transfer services. Victims are usually encouraged to go to a certain website or call a certain number Unfortunately, too often, once the victim pays the ransom, the hacker never opens up the system. So now, the hacker has access to the victim’s computer and their credit card or financial information.

The way social engineering works in this scam is varied:

One way is this…imagine you are browsing the internet, and then you get a popup warning that looks quite official, such as from the FBI. It might say something like “Our programs have found child pornography on your computer. You are immediately being reported to the FBI unless you pay a fine.” When you click the popup to pay, the program actually downloads a program called spyware to your computer that will allow the hacker to access your system.

Another way that social engineering works with ransomware is through voice. In this case, you might get a phone call from someone saying they are from Microsoft and the representative tells you that they have scanned your computer and have found files that are malicious. Fortunately, they can remotely access the machine and fix the problem, but you have to install a program to allow this. When you install it, you give them access to everything, including personal and financial information, and they can do what they want with it.

Finally, you might get an email offering a free screen saver or coupon, but when you open it, the software encrypts your drive and takes over your computer.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Ransomware a $2.5 Million Service

One bitcoin = $590.

11DIf you’re sucked into a ransomware scam, you’ll likely be charged at least one bitcoin for the cyber key to unlock your computer’s files—that are being held hostage by hackers.

A report from Check Point Software Technologies and IntSights has discovered a gigantic ransomware-as-a-service (RaaS) ring, raking in $2.5 million yearly. Eight new scam campaigns are launched every day, with dozens of campaigns already in action, tricking people into allowing the ransomware software (namely Cerber) to take control of their computer.

Just in July, it is believed that victims were cleaned out of $200,000. Ransomware specialists have become quite sophisticated, having developed what is called bitcoin mixing: This prevents ransomware profits from being traced. Their technique bypasses even the blockchain, which is a database that records every Bitcoin transaction.

The crooks so not pool all of their profits into one “wallet,” but rather, they mix things up, splintering the profits into thousands of different wallets, creating a jumble that makes it impossible to track individual transactions or their origins.

Cerber is being sent out with automated tools that attack the unsuspecting in large masses; no longer is this ransomware software the weapon of only the highly skilled master hacker. In fact, the software can even be rented for malicious use, and a high level of tech savvy isn’t even required.

All a thief need do is get on the Dark Web and pay a hacker to commit the crime. Of course, the hacker will have to get a nice chunk of the pie. Though several other countries are getting hit harder with Cerber, the U.S. is in the fourth spot for the most targeted country.

Not surprisingly, the phishing e-mail is the scam of choice for ransomware specialists, with malicious attachments that recipients are tricked into opening—which then download the infection. The other way that Cerber takes control of computers is via the exploit kit-based campaign.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.