Beware of Ransomware (a/k/a what is ransomware?!)

Ransomware is a serious threat to any business that is connected to the internet and has the potential to stop a business in its tracks until the ransom is paid (or a backup is obtained and restored).
At its most basic, ransomware is a piece of malicious software (malware) that, once it has taken control of a computer, encrypts the computer system and denies the user access to the system or its files until a ransom is paid and a decryption key is provided.  While the initial demand from the hacker is usually an outlandish sum, hackers will usually settle for significantly less, and often seek payment in Bitcoin or other cryptocurrency because it is not easily tied to a person’s identity.
There are a variety of ways that a business’s computers can be attacked by ransomware, the most common being phishing.  A phishing email normally purports to be from someone the user trusts and carries a malicious attachment or link that will take over the user’s computer.  For instance, if you receive an email purporting to be from your realtor with a DocuSign link, but you haven’t used said realtor in two years, the link is likely malicious.  Likewise, if a user receives an unsolicited email, with no context, from a friend that says something along the lines of “Hey check out this video its sooo cool” it is likely malicious.  Even emails that appear to originate, or actually do originate, from within the business’s own organization may be malicious.
Once the ransomware has taken over the victim's computer, the most common action is to encrypt some or all of the user's files, making them inaccessible to the user, unless the files are decrypted with a key known only by the hacker. 
There are several different ways attackers choose the organizations they target with ransomware.  Sometimes it is simply a matter of opportunity: for instance, hackers might target educational institutions because they may have smaller security teams and significant file sharing, making it easier to penetrate their defenses.  On the other hand, some organizations are targets because they seem more likely to pay a ransom quickly.  Hackers know that government agencies, law firms, or medical facilities often need immediate access to their files and/or need to keep such files confidential.

By way of a real-life example, one of our clients is currently being “held for ransom” with a ransom demand of $500,000.  The client is a local distribution company, and so long as its computer system is under ransom, it cannot take orders, ship products, or deploy trucks.  Nor can the company send emails to clients or employees.  As such, the company has been deprived of necessary technology/data and is essentially out of business until the ransom is paid (or a backup is restored).

While not a surefire defense, there are a number of steps that can reduce the chance of a successful ransomware attack: 1) keep your operating system, hardware, and software patched and up to date, 2) do not install software or provide administrator privileges unless you know and trust the software, 3) install antivirus and antimalware software, and 4) back up your files, both frequently and automatically (which will not stop a malware attack but will greatly limit any damage).

Ultimately, ransomware is costly and time consuming.  Even if the ransom has been paid and/or the data has been recovered, the effects of a ransomware attack may linger on indefinitely.  For healthcare, banking, law firms, and other businesses with confidential client/customer/patient data, data breach reporting and damage mitigation are essential, and may even include providing credit monitoring for individuals whose information was stolen.

Given the substantial damage a ransomware attack may inflict on a business, prior to an attack, businesses must work diligently with their attorneys, insurers, and technology/security team to develop disaster prevention, mitigation, and recovery plans.

-Douglas M. Nelson

Sun Jun 9, 9:18pm