Earlier this month, I received a call: Yet another company had become a victim of ransomware. The type of malware involved was one hackers commonly use to encrypt data on employees’ or companies’ computers. They then demand ransom, usually in Bitcoin, to unlock the information or the computers.
Such occurrences are growing in number: The FBI has reported that since January 1, 2016, an average of more than 4,000 ransomware attacks have occurred daily. That’s a 300 percent increase from 2015, when 1,000 attacks occurred daily.
Picture yourself receiving one of these alerts from an employee. He or she reports a notification that the company's data has been encrypted and is being held for ransom. How will you feel? How will you cope with the fact that whatever sales meeting or product roll-out was planned has to wait until the data issue is resolved?
Next, how long will these business activities be delayed? That depends on how good your backups are and how fast you can recover your systems. And, unfortunately, backups might not be the only thing you have to worry about. Recently, cybersecurity researchers at Kaspersky Lab discovered a new form of ransomware that encrypts your data, steals passwords from your email system and sends the passwords to a remote hacker.
Given this development, how safe do you think your company’s data really is?
A recent report shows that up to 93 percent of phishing emails now carry ransomware. Hackers often target employees by sending an email claiming that a payment is overdue or that your company is in litigation. If one of your employees clicks the link or opens the attachment, the ransomware installs itself while the employee is distracted by a decoy document, and the first visible sign is the ransom note.
Once you’ve been infected with ransomware, your computer will likely display messages like these:
“Your computer was used to visit illegal content. To unlock your computer, you must pay a $100 fine.”
“You only have 96 hours to submit the payment. If you do not send money within the provided time, all of your files will be permanently encrypted and no one will be able to recover them.”
Hackers get paid because they take advantage of companies with poor backup procedures and employees’ carelessness when clicking on bad links or downloading email attachments from people they don’t know. What can you do to protect your company? Unfortunately, if you are connected to the internet, 100 percent prevention of ransomware attack is not likely. However, there are ways to minimize the risk, and you can mitigate the impact if an attack occurs. The following are a few important areas to consider.
If you’re not training your employees on phishing and spear-phishing, your company may be at great risk. These social engineering attacks try to exploit your employees to gain access to your IT systems. Verizon’s 2016 Data Breach Investigations Report recommended providing employees with phishing awareness training and a means for them to report incidents. A qualified consultant can conduct phishing testing at your company to increase your employees’ awareness of these threats and reduce the likelihood that they will fall victim to social engineering attacks.
Configure strong spam filters to prevent phishing emails from being delivered to your employees, prevent email spoofing, and scan all incoming and outgoing emails so that executable files never reach business users. The Verizon report recommended using and updating anti-virus software to help secure the endpoint. You should also segregate network and file access based on individuals' need to know or on organizational units. For example, your accounting team should not have the same access as the human resources team.
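A gateway check of the kind described above, as an added example rather than the article's own code: it parses a message with Python's standard email library and flags attachments by blocked extension, declared MIME type, or executable magic bytes, so a renamed binary is caught as well as an obvious .exe. The sender addresses and sample messages are constructed for the demo.

```python
"""Flag executable e-mail attachments at the gateway (added example, not the
article's code; sample messages below are constructed for the demo)."""
import email
from email import policy
from email.message import EmailMessage

# Executables and script droppers the article's filtering advice targets.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs",
                      ".ps1", ".jar", ".hta"}
BLOCKED_MIME = {"application/x-msdownload", "application/x-dosexec"}
EXEC_MAGIC = (b"MZ", b"\x7fELF")  # Windows PE and Linux ELF headers


def attachment_findings(raw_message: bytes) -> list:
    """Return (filename, reason) for each attachment that looks executable."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        # endswith catches double extensions such as "invoice.pdf.exe".
        if any(name.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS):
            findings.append((name, "blocked extension"))
        elif part.get_content_type() in BLOCKED_MIME:
            findings.append((name, "executable MIME type"))
        elif payload.startswith(EXEC_MAGIC):
            # Renamed binary: harmless-looking name, executable magic bytes.
            findings.append((name, "executable magic bytes"))
    return findings


def build_sample(filename: str, content: bytes, mime: str) -> bytes:
    """Construct a one-attachment message mimicking the 'overdue payment' lure."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.invalid", "staff@example.invalid"
    msg["Subject"] = "Payment overdue"
    msg.set_content("Please see the attached invoice.")
    maintype, subtype = mime.split("/", 1)
    msg.add_attachment(content, maintype=maintype, subtype=subtype,
                       filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for raw in (build_sample("invoice.pdf.exe", b"MZ\x90\x00", "application/octet-stream"),
                build_sample("invoice.pdf", b"MZ\x90\x00", "application/pdf"),
                build_sample("invoice.pdf", b"%PDF-1.4 ...", "application/pdf")):
        print(attachment_findings(raw) or "clean")
```

In a real gateway the flagged message would be quarantined and the event logged for the security team; the check above is deliberately limited to the attachment inspection itself.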
Don’t overlook the importance of backing up your data on a regular basis. This simple step can reduce the risk of losing everything if a hacker takes your system hostage or if your system fails. Confirm that company-confidential and sensitive files are backed up to remote storage that is not connected to your network (i.e., offline backups), so the ransomware cannot encrypt the backups as well. Having good backups may reduce the need to pay the ransom.
Incident response plan
In the event of a data security incident at your company, an incident response plan can help you manage the situation. In fact, the 2016 Cost of Data Breach Study: Global Analysis by the Ponemon Institute and IBM identified an incident response plan as one of the key components of a data governance program that can help to reduce the cost of a data breach. You should involve teams from across the organization (e.g., IT, compliance and management) in creating a plan as early as possible; don’t wait until you need to start thinking about it.
In the case of a ransomware attack, your response plan should include:
- Identifying your last-known clean backup and restoring it
- Communication protocols with law enforcement
- Isolation procedures for the infected computer
- Isolation procedures for devices that have not been infected, such as those for stopping the backup synchronization schedule
If your company hasn’t been victimized by ransomware yet, don’t wait to take action. Minimizing your risk and preparing to manage these attacks may be the key to your company's continued operation.