Ransomware: How this growing cybercrime trend impacts businesses of all sizes
Hackers use ransomware to hold data hostage. Everyone from individuals to multinationals has been targeted. Learn how it works and what you can do to prevent it.
Recently, some major household names have seen their computer systems compromised by ransomware, a type of malicious software that deprives business owners of access to their own data. The New York Times, the BBC, AOL and the NFL are among the well-known organizations that have recently been targets of this growing cybercrime trend. From hospitals to the U.S. Department of Homeland Security, from individuals to multinationals, the risk is increasing daily. And while you might think cybercriminals wouldn’t be interested in your business information, you would, unfortunately, be wrong.
What is Ransomware?
Ransomware is malicious software that encrypts the hard drive of the computer or server it infects, making its contents inaccessible to the owner. The hacker then charges a “fee” to provide the encryption key that enables the owner to access the data again. Although it’s been in the news recently, this type of cybercrime has in fact been around since 1989, when it used to go by the name PC Cyborg. More recent iterations of ransomware software include CryptoLocker, CryptoWall, Locky, and TeslaCrypt.
How is the infection spread? It is spread much the same way as other computer viruses. Someone visits a suspicious website or opens an attachment in an email from an unknown source.
When the ransomware hits, your computer screen freezes. Sometimes it will display a message purporting to come from the FBI saying your computer is locked because you performed an illegal activity on it. In order to unlock it, you have to pay a “fine.” Other times, the message simply tells you your personal files have been encrypted and you need to pay for the key to decrypt them. Typically, a countdown clock begins to run: when it runs out, the ransom for regaining access increases.
What makes ransomware so difficult to respond to is the same reason for a standard ransom or hijacking – you don’t know if the perpetrators actually have what they say they have. It’s not always easy to discern if the hackers actually do have a significant infiltration to systems or not. In some cases, low-level data could be compromised or none at all. In other cases, the ransom ware has in fact accessed all data points. It can be like two players at a poker table and you need to decide who’s holding an unbeatable hand and who's bluffing.
What Types of Companies are Being Targeted?
Hospitals and health networks are high on cybercriminals’ target lists because they combine a high volume of customer data, including payment information, with the resources to pay. But according to Grayson Milbourne, Security Intelligence Director for Internet security firm Webroot, “there’s an increase in focus on attacking corporate entities…[if] I encrypt the back-end of your corporate system and prevent you from processing payments, that has a tremendous value.”
To Pay or Not to Pay
Unfortunately, ransomware’s encryption is generally so good that most IT departments will not be able to crack it. Last fall, FBI agent Joseph Bonavolonta, the assistant special agent in charge of the FBI’s CYBER and Counterintelligence Program in its Boston office, made headlines at a cybersecurity conference when he said: “To be honest, we often advise people just to pay the ransom.”
When a business has a fiduciary responsibility for its clients’ information… when the safety of a municipality is at risk… when hospital patients’ lives are at stake… most businesses do pay.
The cybercriminals behind these attacks have, for the most part, set their ransoms relatively low. The hacker who held Hollywood Presbyterian Hospital’s system hostage asked for $17,000 in bitcoin. The town of Plainfield, New Jersey, was forced to hand over €650 (~ $735 as of 6/6/16) in bitcoin to regain access to its municipal records in April of 2016.
As discussed in a previous article Does Your Business Need Cyber Insurance, cybercrime insurance is available, but be sure that any policy you’re considering specifically covers ransomware attacks. Also, pay attention to the fine print to understand what your responsibilities are in terms of keeping your data secure. Failure to do so could be grounds for denying any claim you make.
Can You Prevent It?
Clearly, this is a situation where the best defense is a really strong offense. In the face of these attacks, good Internet hygiene is more important than ever. That means:
- Back up your data regularly
- Apply software patches as soon as they become available
- Bookmark trusted websites and access these websites via bookmarks
- Download email attachments only from trusted sources
- Scan your system regularly with anti-malware
- Avoid saving critical data on a laptop or desktop – you always want to be in a secure network environment
- Maintain a separate computer for banking
- While not preventative, develop a data breach plan that addresses business continuity, communication, restoration from backups, and store that plan somewhere outside your company’s systems
As of this writing, ransomware is garnering more and more headlines. The Institute for Critical Infrastructure Technology (ICIT) has released a report declaring 2016 Will Be The Year Ransomware Holds America Hostage. Rather than cowering under our desktops, the important thing to remember is that you can effectively deal with ransomware by acknowledging that your business is at risk whenever it’s connected to the Internet. While some businesses are actually considering delinking from the Internet to eliminate these risks, for most of us that isn’t a realistic option. The more vigilant you are, the better you’ll fare. By ensuring that you and your employees engage in cybersecurity best practices, you will go a long way to protecting your critical files from being held hostage.