Earlier this year, administrators at Hollywood Presbyterian Hospital suddenly discovered they had lost access to their computers. Doctors were locked out of their patients’ medical records, and they couldn’t access their own reports. Their system data had been encrypted by malicious software. While all this data was being held hostage, staffers had to direct sick people to other hospitals. After two weeks of writing everything down on paper, the hospital paid a $17,000 ransom in Bitcoin to regain access to their computer systems. Ransomware not only cost money; it endangered lives.
If you told me a few years ago that executives would be scrambling to digital currency exchanges to pay malware distributors, I wouldn’t have believed it. However, that’s exactly what has happened. Individuals, businesses, and larger institutions alike have all fallen prey to this growing type of cyberattack. C-suite executives now find themselves hostage to these data hijackers.
Ransomware — the term comes from “ransom” and “software” — is a type of computer virus that prevents users from accessing their systems until a sum of money is paid. Preying on human error, cybercriminals trick users into activating this malicious software. Often disguised in email as HTML links or attachments, ransomware encrypts data using a private key only the attackers possess. Users are locked out of their machines; ransom is demanded. To evade law enforcement, these attackers are using anonymous payment methods such as Bitcoin.
Ransomware distributors, the criminals overseeing these attacks, have figured out a pricing strategy that works. The average demand for consumers and small business owners is between $300 and $500. That’s a sum many can deliver when faced with the possibility of losing all their valuable digital assets.
Of course, there are more costly and dangerous situations, such as Hollywood Presbyterian Hospital’s experience. The FBI estimates the cost of ransomware could reach $1 billion in 2016 in the United States, thanks to a surge in cases. The agency says more than 4,000 cases of ransomware occur daily, quadruple the rate from last year.
My company, Carbonite, has been tracking a massive uptick, too. Our customer care team has implemented a new system to track and respond to incidents. We store customers’ and clients’ data online, in the cloud. When those customers are hit by a ransomware attack, many reach out to us for help to restore a backed-up copy of their data that’s being held hostage. Our team saw the biggest spike in ransomware help calls in March, likely due to the spread of the Locky ransomware strain.
It’s not just the rapid rise of ransomware that’s so alarming; its targeting is, too. A new global survey finds that nearly half of United States organizations report ransomware attacks in the past year. Of those, 43% affected middle managers and 25% affected senior and C-level executives. (These rates are lower in other countries.) The two industries most commonly targeted globally are financial services and health care.
Because ransomware is so pervasive and the damage can be so costly, I’m always surprised when I talk to C-levels who have not put it on their radar. Many times, they have relegated ransomware prevention to IT. But I encourage the executives who ask me for advice to make ransomware prevention a central piece of their cybersecurity strategy, to review that strategy at least once a year with their board of directors, and to engage their entire organization in education and prevention.
We provide employees across the company with online, interactive tools for identifying suspicious malware. We arm our workers with the resources they need to be security-aware, and then hold them accountable for protecting their data. This goes for all employees, including me and my executive team.
Why are ransomware attacks increasing?
One reason ransomware attacks are spreading is that fraudulent emails containing links or attachments for the unsuspecting user to click on have become much more sophisticated. These so-called phishing emails (called whaling emails when they target C-suite executives) are no longer sent from self-described dispossessed potentates from faraway lands looking to bequeath you a portion of their ancestral wealth once you have provided some sensitive information.
Nowadays, infections arrive via well-written, typo-free emails, often disguised as official documents with corporate logos and signatures. Some look like typical business correspondence or legitimate reminders to upgrade applications. One attorney received a polished email with a promising resume attached.
Another factor in the spreading phenomenon is access to the digital currency Bitcoin. The ease of anonymously collecting payments from afar has boosted the ranks of cybercriminals. These days, you don’t have to know that much about ransomware to use a do-it-yourself kit. The deal is, you agree to share your earnings with the large syndicates.
Law enforcement is responding to the growing cybercrime, and in the U.S. the FBI takes ransomware seriously. The agency has published prevention guidelines for CEOs and for CISOs. It also discourages victims from paying the ransom, noting that payment incentivizes repeat attacks.
Some defenses against ransomware are improving. In testing labs, researchers have developed software that detects some variants of ransomware. Computer security companies such as Kaspersky Lab have deployed decryption tools to help victims unlock their data after an attack. At Carbonite, we launched FightRansomware, a website dedicated to informing small businesses about the ways ransomware works and the most effective methods for protecting your data.
Cybercriminals have figured out how to wreak havoc even at companies that take the right precautions, and detection and decryption tools don’t always work. Still, there are some things you can do.
Ransomware readiness and responsibility
Whether we are small business entrepreneurs, IT advisors, or C-level board members, we are all vulnerable. That makes us responsible for adequate ransomware education and prevention for employees at all levels, and responsible for an action plan that can be followed without confusion if and when our systems are attacked.
Education is key to making sure our employees and systems don’t become victims. Protect your company’s perimeters with firewalls and solid network security. Use antivirus software and make sure it’s updated on schedule. Unfortunately, human error accounts for the majority of ransomware distributions. So take additional safeguards. One way to render a ransomware attack ineffective is by storing a duplicate of your data. Ransomware becomes meaningless if you can quickly restore your systems and data to a time before the infection.
If you are victimized, I tell colleagues, do not be embarrassed. Instead, be prepared. As soon as you’re aware of an attack on your computer, file server or network, immediately shut down all file sharing activity and alert the proper people in your company. Use your antivirus software to determine where the infection happened. If you can’t do that with the antivirus software, examine the infected file’s properties to find out the last user or computer to make changes to the file — this will tell you where the infection originated. Then, assess the extent of the infection and the damage, and remove the virus by deleting all infected files. Hopefully you have a backup service in place, so you can recover clean versions of the infected files.
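As an added illustration of the response and recovery steps described above and the backup advice before them (example code, not from the article or from Carbonite): a small Python triage script over constructed file records that flags files whose content looks encrypted (high byte entropy; the 7.0 bits/byte threshold is my assumption), reports the last writer of the earliest such file as the likely origin, and for each affected file selects the newest backup snapshot taken before the first encryption time.

```python
import math
from collections import Counter

# Constructed sample of current files: (path, last_writer, modified_at, content).
# Timestamps are ISO 8601 strings, which sort chronologically as plain strings.
CURRENT_FILES = [
    ("shared/q3-report.docx", "jdoe@WS-12", "2016-03-14T09:02:00", b"Quarterly report text " * 8),
    ("shared/payroll.xlsx", "jdoe@WS-12", "2016-03-14T09:05:00", bytes(range(256)) * 2),
    ("shared/contract.pdf", "asmith@WS-07", "2016-03-14T09:07:00", bytes(range(256))[::-1] * 2),
    ("shared/readme.txt", "asmith@WS-07", "2016-03-10T15:30:00", b"plain text notes " * 8),
]

# Constructed backup snapshots: path -> [(snapshot_time, content), ...].
# The second payroll snapshot was taken after encryption and must be skipped.
BACKUPS = {
    "shared/payroll.xlsx": [("2016-03-13T23:00:00", b"clean payroll"),
                            ("2016-03-14T09:30:00", bytes(range(256)) * 2)],
    "shared/contract.pdf": [("2016-03-12T23:00:00", b"clean contract")],
}

ENTROPY_THRESHOLD = 7.0  # assumption: encrypted/compressed bytes approach 8 bits/byte


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0 for empty input, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_encrypted(files):
    """Records whose content looks encrypted, ordered by modification time."""
    hits = [f for f in files if shannon_entropy(f[3]) >= ENTROPY_THRESHOLD]
    return sorted(hits, key=lambda f: f[2])


def infection_origin(files):
    """(last_writer, time) of the earliest encrypted file: where the infection likely began."""
    hits = find_encrypted(files)
    return (hits[0][1], hits[0][2]) if hits else None


def clean_restore_points(files, backups):
    """For each encrypted file, the newest snapshot older than the first encryption time."""
    hits = find_encrypted(files)
    if not hits:
        return {}
    first_bad = hits[0][2]
    plan = {}
    for path, _, _, _ in hits:
        candidates = [s for s in backups.get(path, []) if s[0] < first_bad]
        plan[path] = max(candidates, key=lambda s: s[0])[0] if candidates else None
    return plan
```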
Ransomware may be spreading, but so is awareness. Cybercriminals have more sophisticated tools than ever, but we all have access to security and backup technology that can keep computers and companies running. Yes, we are all vulnerable, but we can take responsible steps to make ransomware attacks as rare and ineffective as possible.
Copyright: hbr.org https://hbr.org/2016/10/is-your-company-ready-for-a-ransomware-attack