Countering the ransomware threat

The risks of becoming a victim of a ransomware attack continue to increase as criminals exploit organisational vulnerabilities and typically use spear-phishing emails to target potential victims.  According to Europol cases have been rising alarmingly in the past few months and have brought critical activities such as hospitals and governments to a standstill.

Garmin was a recent victim of a cyber attack that encrypted some of their systems. The alleged ransomware attack is thought to be the work of ‘Evil Corp’, a group of Russian hackers that allegedly mainly targets US corporations.  Garmin services started to go offline on Thursday 23 July 2020 and many of the most popular services, including Garmin Connect and most of the Strava integrations, were unavailable to users over the weekend period.  According to Garmin ‘Affected systems are being restored and we expect to return to normal operation over the next few days.’

To counter ransomware a free scheme called No More Ransom is helping victims fight back without paying the hackers. Since its launch four years ago the No More Ransom decryption tool repository has registered over 4.2 million visitors from 188 countries and has stopped an estimated $632 million in ransom demands from ending up in criminals’ pockets.

Powered by the contributions of its 163 partners, the portal has added 28 tools in the past year and can now decrypt 140 different types of ransomware infections. The portal is available in 36 languages.  All the key figures can be seen in Europol’s dedicated infographic.

How No More Ransom works

No More Ransom is the first public-private partnership of its kind helping victims of ransomware recover their encrypted data without having to pay the ransom amount to cybercriminals.

To do this, simply go to the website nomoreransom.org and follow the Crypto Sheriff steps to help identify the ransomware strain affecting the device. If a solution is available, a link will be provided to download for free the decryption tool.

Prevention remains the best cure

No More Ransom goes a long way to help people impacted by ransomware, but there are still many types of ransomware out there without a fix. Fortunately, there are some preventative steps you can take to protect yourself from ransomware:

  • Always keep a copy of your most important files somewhere else: in the cloud, on another drive offline, on a memory stick, or on another computer.
  • Use reliable and up-to-date anti-virus software.
  • Do not download programs from suspicious sources.
  • Do not open attachments in e-mails from unknown senders, even if they look important and credible.
  • And if you are a victim, do not pay the ransom!

Do you have an innovative solution for ransomware families not covered yet in the portal to help victims recover their files without giving into the demands of the criminals? If so then Europol would like to hear from you.

What is Ransomware?

The EAST Payments Task Force (EPTF) defines ransomware as ‘A type of malicious software designed to block access to a computer system until a sum of money is paid.’  It is a form of data compromise.  An overview of all EAST Fraud Definitions can be seen here.

Tips and Advice From Europol

 

50th EAST Meeting hosted by PSA in Vienna

The 50th EAST Meeting (National Members) was hosted by Payment Services Austria (PSA) in Vienna on 12th February 2020. The meeting was chaired by Martine Hemmerijckx of Worldline NV/SA, who co-founded EAST with Lachlan Gunn, EAST Executive Director, in 2004.

This was a milestone meeting and the last in the current format as, in June 2020, EAST will hold its 1st Global Congress.  In recognition of her work in founding and supporting EAST, and on behalf of the EAST Board and members, Lachlan presented Martine with an award.

National country crime updates were provided by 20 countries, and a global update by HSBC.  Topics covered included payment fraud and the continuing evolution of payment technology and related threats, terminal related fraud attacks, malware and logical attacks, and ATM related physical attacks.

The Criminal Intelligence Service Austria presented on the prevention of e-commerce fraud.  The European Cybercrime Centre (EC3) at Europol gave a presentation on forthcoming Europol activities for 2020, with a specific focus on Carding Action Week (CAW) .  This was followed by a presentation from the Gulf Cooperation Council Police (GCCPOL) that gave an update on payment and fraud issues seen by their 6 member countries.

Presentations were also given by the EAST Payments Task Force (EPTF) and the EAST Expert Group on All Terminal Fraud (EGAF).  An update was given by the EAST Expert Group on ATM and ATS Physical Attacks (EGAP).

EAST Fraud Update 1-2020 will be produced later this month, based on the national country crime updates provided at the 50th EAST Meeting.  EAST Fraud Updates are available on the EAST Website to EAST Members.

49th EAST Meeting hosted by LINK in London

The 49th EAST Meeting (National Members) was hosted by the LINK Scheme in London on 8th October 2019. National country crime updates were provided by 20 countries, and a global update by HSBC.  Topics covered included payment fraud and the continuing evolution of payment technology and related threats, terminal related fraud attacks, malware and logical attacks, and ATM related physical attacks.

The European Cybercrime Centre (EC3) at Europol gave a presentation on the ‘Genesis’ dark web marketplace where cyber-criminals are selling digital fingerprints (bots).  This was followed by a presentation from the INTERPOL Financial Crimes unit on ATM and payment crime.

The Gulf Cooperation Council Police (GCCPOL) then shared an update on payment and fraud issues seen by their 6 member countries. In recognition of their first attendance at an EAST Meeting, GCCPOL representative Major Mohammed Khalid Alabsi presented the current Chair of EAST, Ms Veronica Borgogna (BANCOMAT SpA), with a mementoe of the occasion.  EAST Executive Director Lachlan Gunn said: “We are delighted to be strengthening our relationship with the GCC and the Arab States of the Gulf, another step forward in enhancing the global value of our National Member platform.”

Presentations were also given by the EAST Expert Group on All Terminal Fraud (EGAF) and the EAST Expert Group on ATM and ATS Physical Attacks (EGAP).  An update was given by the EAST Payments Task Force (EPTF).

EAST Fraud Update 3-2019 will be produced later this month, based on the national country crime updates provided at the 49th EAST Meeting.  EAST Fraud Updates are available on the EAST Website to EAST Members.

Terminal Fraud Update – EAST FCS Seminars 2019

Terminal Fraud

Act now to save your place for the Terminal Fraud Seminar that will be held by the EAST Expert Group on All Terminal Fraud (EGAF) on 9th October 2019.

SESSION FOCUS – LOGICAL SECURITY UPDATE

This session will focus on logical attacks against ATMs. These can be split into two types – black box attacks and malware attacks.

Terminal FraudEAST EGAF Chair, Otto de Jong of ING Bank, will first present on black box attacks. These are a type of jackpotting attack. The criminals connect an unauthorised device (or black box) which sends dispense commands directly to the ATM cash dispenser in order to ‘Cash-Out’ the ATM. He will cover the latest developments for this type of attack methodology.

Terminal FraudThen Terence Devereux of Diebold Nixdorf will present an update on malware attacks. For these attacks the criminals use unauthorised software, or authorised software run in an unauthorised manner, on the ATM’s PC. These attacks are focussed on either jackpotting (most common), or card skimming, as follows:

  • Jackpotting: Targets control of the cash dispense function in order to ‘cash-out’ the ATM
  • Man-In-The-Middle (MitM): Targets communication between the ATM’s PC and the acquirer host system in order to falsify host responses and dispense cash without debiting the criminal’s account
  • SW-Skimming: Targets card and PIN data in order to create counterfeit cards for subsequent fraudulent transactions

This interactive event follows the basic structure of EAST EGAF Member meetings. Attendance at EAST EGAF meetings is limited, as it is a working group, and this event enables a wider participation and the opportunity for all attendees to engage with the Group and its organizers.

Terminal Fraud

The EAST FCS Seminars will be co-located with RBR’s ATM & Cyber Security 2019 event, although separate registration is required.


2019 EAST FCS ATM Physical Attack Seminar Sponsors

 

 

 

 

Additional sponsorship opportunities are still available

Terminal Fraud Update – EAST FCS Seminars 2019

Terminal Fraud

Act now to save your place for the Terminal Fraud Seminar that will be held by the EAST Expert Group on All Terminal Fraud (EGAF) on 9th October 2019.

Terminal Fraud TERMINAL FRAUD SEMINAR- PROGRAMME UPDATE

  • EAST Executive Director Lachlan Gunn will share the latest Terminal Fraud Statistics published by EAST, covering the period January to June 2019;
  • Veronica Borgogna of BANCOMAT S.p.A will provide a national threat assessment for Italy
  • and Ben Birtwistle of RBS will provide a national threat assessment for the UK

The national threat assessments will cover card compromise and logical/malware attacks

This interactive event follows the basic structure of EAST EGAF Member meetings.  Attendance at EAST EGAF meetings is limited, as it is a working group, and this event enables a wider participation and the opportunity for all attendees to engage with the Group and its organizers.

ATM Physical Attacks

The EAST FCS Seminars will be co-located with RBR’s ATM & Cyber Security 2019 event, although separate registration is required.


2019 EAST FCS ATM Physical Attack Seminar Sponsor

Additional sponsorship opportunities are still available

48th EAST Meeting hosted by Europol in The Hague

The 48th EAST Meeting (National Members) was hosted by Europol at their Headquarters in The Hague on 5th June 2019. Presentations were made by the European Cybercrime Centre (EC3) and the European Serious Organised Crime Centre (ESOCC).

National country crime updates were provided by 18 countries, and a global update by HSBC. Topics covered included payment fraud and the evolution of payment technology, ATM malware and logical attacks, terminal related fraud attacks and ATM related physical attacks.

Presentations were also given by the EAST Payments Task Force (EPTF), the EAST Expert Group on All Terminal Fraud (EGAF) and the EAST Expert Group on ATM and ATS Physical Attacks (EGAP).

EAST Fraud Update 2-2019 will be produced later this month, based on the national country crime updates provided at the meeting. EAST Fraud Updates are available on the EAST Website to EAST Members.

48th EAST Meeting

2019 EAST FCS Seminars – Programme Announcement

EAST FCS

The programme for the 2019 EAST FCS Seminars is now available.

Two concurrent seminars will be held on 9th October 2019:

EAST FCS Terminal Fraud Seminar (organised by the EAST Expert Group on All Terminal Fraud (EGAF)

This interactive event follows the basic structure of EAST EGAF Member meetings.  An introduction to the Group will be followed by a presentation of the latest EAST Fraud Statistics (H1 2019) and a high-level overview of the European situation by Europol.  Then a session will then focus on the terminal fraud situation in four countries/regions, followed by a short discussion.  This will be followed by a practical demonstration of Project Checkcard, aimed at checking the validity of EMV cards, followed by a session topic still tbc.  Attendance at EAST EGAF meetings is limited due to the size of the Group and this event enables a wider participation and the opportunity for all attendees to engage with the Group and its organizers.

EAST FCS ATM Physical Attacks Seminar (organised by the EAST Expert Group on ATM & ATS Physical Attacks (EGAP)

This interactive event follows the basic structure of EAST EGAP Member meetings.  An introduction to the Group will be followed by presentation of the latest EAST Physical Attack Statistics (H1 2019) and recent attack definitions, and a high-level overview of the European situation.  Then a session will focus on the ATM physical attack situation in five countries, which will be followed by a session on banknote infrared recognition.  The event will conclude with a Q&A session on all attack types and counter-measures.  Attendance at EAST EGAP meetings is limited, as it is a working group, and this event enables a wider participation and the opportunity for all attendees to engage with the Group and its organizers.

HIGHLIGHTS FROM THE TERMINAL FRAUD SEMINAR

Otto de Jong, of ING Bank and Chair of EAST EGAF, will host the Terminal Fraud Seminar and chair the discussion on Threat Assessments – Europe;

Tobias Wieloch, of Europol’s European Cybercrime Centre (EC3), will provide an overview of terminal fraud in Europe from Europol’s perspective;

Arnt Olav Rottereng, of EVRY ATM Services, will update on the terminal fraud situation in the Nordics;

and Tobias Heckmann, Software Developer at the University of Applied Sciences Bingen, will present and demonstrate Project CheckCard, an investigation tool designed to assist law enforcement to validate whether or not a smart card is genuine.

 

New EAST Fraud Definitions now available in Russian

EAST Terminal Fraud Definitions are now available in the Russian language.  At the end of 2018 EAST upgraded its Terminal Fraud Definitions to illustrate what the criminal target outcome is for each fraud type.  In the upgraded definitions each applicable criminal benefit is highlighted next to each terminal fraud type.

The translation was carried out by two EAST National Member organisations – the Ukrainian Interbank Payment Systems Member Association “EMA”  and the MasterCard Members Association (MCMA).

These fraud definitions are used by EAST when issuing Fraud Alerts, or when compiling the statistics and other information for European Payment Terminal Reports and Fraud Updates.  The aim is for these Terminal Fraud Definitions, as well as the related criminal benefits, to be adopted globally when describing or reporting payment terminal fraud.  This translation into Russian is another step forward towards achieving this.

Below is the  definition for Card Skimming in the Russian language.

The definitions have been classified ‘WHITE’ under the terms of the EAST Information Security Policy and may be shared freely, subject to standard copyright rules.

EAST EGAF holds 18th Meeting in Amsterdam

EGAFThe Eighteenth Meeting of the EAST Expert Group on All Terminal Fraud (EAST EGAF) took place on Wednesday 8th May 2019 at ING Domestic Bank in Amsterdam.

EAST EGAF is a regional expert group that focuses on regional and global payment terminal crime and fraud related issues, threats and counter-measures.

The meeting was chaired by Mr Otto de Jong and was attended by key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

The Group, which meets three times a year in advance of each of the meetings of EAST National Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Skimming, Card Trapping, Cash Trapping and Transaction Reversal Fraud.

In addition EAST EGAF generates EAST Fraud Alerts for all EAST Members (National and Associate). In total 210 EAST Fraud Alerts have been issued, 9 to date in 2019.

EAST EGAF meetings are restricted to working group members and, to provide a wider platform for sharing/discussion, the Group is holding a half-day open seminar in London on 9th October 2019.  Registration for this is now open and more information can be found on the EAST Events website.

2019 EAST FCS Seminars – Save The Date!

The 2019 EAST Financial Crime & Security (FCS) Seminars will be held on Wednesday 9th October 2019, at the Park Plaza, Victoria, London, UK.  Save the date!  Register now to get the Early Bird Registration Rate and save £100 on the Standard Registration Rate! (see current 2019 prices here)

Early Registration deadline – Monday 19th August 2019

Two concurrent seminars will be held:

To view last year’s EAST FCS programme and speakers or to check the venue details please visit our events website: www.east-events.org

These events will be co-located with RBR’s ATM & Cyber Security 2019 event, although separate registration is required.

FCS Seminars