Huge chunks of information from Yahoo's networking service and information was stolen by just four individuals. Personal messages from Yahoo user's were also stolen and have been included in the criminal activity. Out of the group of 4 hackers, two were FSB members (Russian's Federal Security Services), and the other two were previously known hackers that had no relation to the FSB.

 Scam requests for W-2's

Numerous scams have been happening through emails. The scam consist of requests for W-2 information from individuals. The scam emails are designed to look like they was sent from a CEO or other excuitive member, asking for employees W-2 information.  The FBI and IRS have posted warnings about this criminal activity and have stated the volume of the scam emails have increased drastically. 

 

Already Victimized

These trends are practical things that will help you keep your network safer with improved defense-in-depth.

1. A move from being defensive to a more proactive approach to IT security, for instance application firewalls that actually work and are easy to deploy.
   
   
2. Machine learning that *works* spreads out to legacy endpoint security tools, and is able to do real-time payload analysis to prevent ransomware attacks.
3. You will finally get affordable and smart enough network traffic analysis tools that will show if your network has been penetrated, combined with:
4. Platforms that will show you understandable threat intelligence with analytics and reporting that will dramatically shorten the "dwell time" of hackers in your network.

Tip #1:  Educate users on best security practices

Education is still the best way to help your business avoid infection by ransomware or any other form of malware.  Make your employees aware of pupular social engineering methods and tactics so they don't fall victim to phising emails or spoofed messages.  It is particularly helpful to share examples of these kinds of emails and the types of attachments that are often associated with social engineering attempts so that end users know to avoid them.  A managed services provider is well equipped to help you deliver this sort of training,

Ransomware is malicious software that encrypts files, locks the computer, and retains control until the user pays a certain amount of money. Ransomware can appear in two forms — either by locking your screen with a full-screen image or
webpage to prevent you from accessing your PC, or by encrypting your files so they can’t be opened. 1

While each ransomware variant has its own twist, there are a few key components that most ransomware types follow: