Tomorrow morning you walk into your company and, when you switch on your computers, there’s a message on the screen saying, “Ooops, your files have been encrypted.”
Along with this message, you find a demand for payment to release your files. They want the payment in Bitcoin, no less.
This is not a far-fetched idea. PIASC member companies here in Southern California, along with businesses around the country, have experienced ransomware attacks.
According to the FBI’s 2018 Internet Crime Report, there was a 54.5% increase in ransomware reports from 2017 to 2018. More than half of these businesses had to pay a ransom worth $10,000 to $40,000 to recover their data.
The losses do not include estimates of lost business, time, wages, files, equipment, or any third-party remediation services acquired by the victims. Also, the number of attacks is probably higher since some victims don’t report the crimes to the FBI.
Your Computers and Ransomware
Take a minute and think about the reach of your computer systems. You schedule print jobs with your computers. The art files for these jobs are created and stored on your computers. Computers handle your estimating and invoicing. Your telephone system is controlled by your computers. How long could your company survive and how quickly could you recover if a ransomware attack hit you? You must protect these computers and your livelihood.
When hit by a ransomware attack, you’ll have many questions running around in your head.
- How did this happen?
- Are our files backed up?
- If they are, will that even help?
- What do I do about the rush job that was supposed to be delivered to the client by the end of today?
- Should I pay the ransom?
- What the heck is Bitcoin anyway, and how do I buy it?
Let’s take each of these questions one at a time.
How did this happen?
According to UC Berkeley’s Information Security Office, “ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website, and malware is downloaded and installed without the user’s knowledge.”
The first step in reducing the chances of being a victim of ransomware is to educate yourself and your employees to recognize the danger.
Your entire staff needs to be trained to identify suspicious emails. Hackers research and identify individuals and companies you trust. They then use this information to pretend to be someone you know or a company with whom you work. Learning how to “read” an email address can go a long way in preventing an attack.
For example, when an email is received from a person at a company, let’s call him John Doe at ABC Bindery, you need to check and see if the email address matches the person and the company. The correct email might read firstname.lastname@example.org. A suspicious email address might read email@example.com. Notice the email looks like it’s from someone you know, John Doe, but the company is unfamiliar. Opening that email then clicking on a link or downloading an attachment can open you up to malware or ransomware. If you don’t recognize the sender or the sender’s company, trash the email.
You can also recognize fake emails because the company’s name is spelled wrong. According to Microsoft Windows Security Support, “Look out for strange spellings of company names like ‘PayePal’ instead of ‘PayPal’ or unusual spaces, symbols, or punctuation like ‘iTunesCustomer Service’ instead of ‘iTunes Customer Service.’”
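The sender checks described above (a familiar name on an unfamiliar company domain, and a company name that is slightly misspelled) can be automated. The following Python is an added example, not code from this article or from Microsoft; the trusted-domain list, the contact table and every address in it are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed data: domains this shop really deals with, and the address
# each known contact normally writes from (keyed by display name).
TRUSTED_DOMAINS = {"abcbindery.example", "paypal.com"}
KNOWN_CONTACTS = {"john doe": "john.doe@abcbindery.example"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header, trusted=TRUSTED_DOMAINS, contacts=KNOWN_CONTACTS):
    """Classify a From: header as 'ok', 'suspicious' or 'unknown', with a reason."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "suspicious", "no usable sender address"
    domain = addr.rsplit("@", 1)[1].lower()
    expected = contacts.get(name.strip().lower())
    if domain in trusted:
        if expected and expected != addr.lower():
            return "suspicious", "known name, different address than usual"
        return "ok", "trusted domain"
    # Misspelled company name, e.g. "payepal" for "paypal".
    for good in sorted(trusted):
        if edit_distance(domain, good) <= 2:
            return "suspicious", "look-alike of " + good
    # Familiar person, unfamiliar company: the John Doe case in the text.
    if expected:
        return "suspicious", "known name, unfamiliar domain"
    return "unknown", "sender not recognized"


if __name__ == "__main__":
    for header in ("John Doe <john.doe@abcbindery.example>",
                   "John Doe <john.doe@mail-center.example>",
                   "PayPal Support <service@payepal.com>"):
        print(header, "->", check_sender(header))
```

A matching domain in the From: header is not proof of origin, because the header itself can be forged; a check like this complements the SPF, DKIM and DMARC filtering done by your email provider.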
There’s a myriad of other ways that hackers can get into your system. To learn more, talk to your Internet and email service providers.
Are our files backed up?
Microsoft also recommends you regularly back up the content on your computer. This must be done correctly. Sometimes the backup schedule does not run backups with enough granularity, or the backup job is not capturing the data you thought it was. Other times the backup does not complete in a timely fashion. A company that does a full backup every week will lose up to a week of data if it needs to be recovered. Backups should be made daily or every other day to minimize loss.
Even if you have backed up your files, these, too, must be protected. Understand, if you’re using a cloud drive for backup and it’s mounted to the operating system and accessible to you, it’s also accessible to ransomware that runs under your account. According to the FBI, the only way to fully protect the cloud backup would be to unmount the cloud drive after daily backup. This can get tedious, and you should consult an expert to make sure your backup files are protected.
Should I pay the ransom?
The first thing you should do if a ransomware attack hits your computer is to contact the local FBI field office. Their recommendation will be not to pay the ransom. While you may want to get your files back as soon as possible, there are serious risks to consider before paying the ransom.
- Paying a ransom does not guarantee you’ll regain access to your data. 58% of ransomware victims never recovered their data.
- Some victims who paid the demand have reported being targeted again by cybercriminals
- After paying the originally demanded ransom, some victims have been asked to pay more to get the promised decryption key
- Paying could inadvertently encourage this criminal business model
How to Protect Yourself and Your Company
In addition to employee education and backing up your files, you should seriously consider purchasing Cyber Security Insurance. This won’t prevent ransomware attacks, but it will reduce the financial risk that your business can incur as a result of such attacks, and it will provide a safety net to fall back on.
What, exactly, does Cyber Security Insurance cover?
- Data breach response
- Online extortion payoff and assistance
- Recovery costs associated with replacing hardware and software
- Privacy, security and media liability
Take Immediate Action
This is a serious situation. I have worked with PIASC members who have experienced a ransomware attack in just the past few months. Here are five things you should do today.
- Back up, back up, back up
- Educate and engage employees
- Keep your operating system and virus protection software updated
- Refrain from opening attachments that look suspicious
- Keep your operating system, antivirus, browsers, Adobe Flash Player, Java, and other software up-to-date
I also suggest you download and become familiar with these FBI publications:
- Prevention and Response for CEOs
- Ransomware Prevention and Response for CISOs
Actions We’ve Taken
At PIASC, when recently asked, “how often do you do a risk assessment?” I responded that I do it every night on my way home from the office. A ransomware attack in our environment is a huge concern to me given the wide range of people and companies that we communicate with every day. We have seen an increase in phishing in recent weeks. To address my anxiety, I looked for an advanced form of security. We use an endpoint security package recommended by our network management firm which basically monitors incoming activity and compares it to “known” lists of malware. I worried about the traffic that might occur in the window before a new malware becomes “known.”
To address this condition, we began looking for a more proactive solution and identified a company called Nyotron, which is a relatively new company headquartered in Santa Clara with an R&D group in Israel. While by no means am I an IT techie, after some investigation, I found that their software, Paranoid, offers proactive protection such that it blocks what I would term non-routine activity. The early days of implementation drove our IT folks nuts as Paranoid had to “learn” our routine. On the other hand, a couple of weeks ago, Paranoid acted up when Adobe sent an update to Flash which was out of the norm.
Are we out of the storm? Probably not, but I sleep a bit better knowing that we have both the traditional security blocking anything on the known malware lists and we have a barrier of last resort looking to block anything suspicious.
Ransomware is serious. It can cripple your company. Thinking that it cannot happen to your company is a mistake. Take action now.