What If I Get Hit with Ransomware?

Brother, can you spare a Bitcoin?

Many business owners do not equate the threat of cybercrime with going out of business.  Even those who acknowledge the threat are not acting as if it is a matter of utmost importance – especially in small to midsize businesses (SMBs).  According to an article from the U.S. Securities and Exchange Commission (SEC) in late 2015, “It has been estimated that half of the small businesses that suffer a cyberattack go out of business within six months as a result.”

One of the greatest cyberattack risks to businesses today is Ransomware.  For the uninitiated, Ransomware is a type of malware that encrypts your files and demands you pay a ransom, typically in Bitcoin, to regain access.  The FBI’s April 29, 2016 bulletin stated that there had been a marked increase in Ransomware attacks against businesses – and that the ransoms cybercriminals are demanding have grown larger.  Given the amount of money extorted in the first quarter of 2016, Ransomware is projected to net a billion dollars this year – not including losses due to stalled productivity.

Using Ransomware to Go Out of Business

You may be thinking, “This really isn’t a big deal.  We’ve already been hit with Ransomware on one or two computers.  We didn’t pay the ransom; we just reformatted the machines, and went about our merry way.”  But the cyber landscape is changing rapidly, and recent variants of Ransomware are now attempting to “land and expand” from the initial victim’s computer to the entire network.  In an exhaustive whitepaper entitled Ransomware: Past, Present, and Future, Cisco’s Talos group warned that advanced Ransomware will “pivot deeper into the target network, looking for credentials to escalate their privileges. The ultimate goal for this stage of invasion is to locate and destroy networked backups before mass-distributing Ransomware to as many systems on the network as they are able to access.”  In other words, we are now facing a future in which RansomWorms will take over your entire network and demand a massive ransom in order to return your business to its rightful owner.

If you're looking for a cyber disaster for your business, here are three behaviors to employ:

Step 1:  Do not utilize or test off-site backups of your data.

It sounds ridiculous, but this is the approach that some businesses have taken when it comes to data backups.  From no data backup at all to tape backups that are stored in the same location as the server, businesses are gambling with their future.  The Locky Ransomware variant seeks out files and folders labeled “Backup” and deletes them.  It’s not enough to have off-site data backups; you need to test restoring your data backups to ensure that the integrity and availability of the data are preserved.  Remember, just because you have data backups doesn’t mean that Ransomware recovery will be painless.  There can be multiple days of downtime for the users affected by Ransomware.

And while we are on the subject of data backups, it doesn’t do much good to have tested, off-site backups of your important files if you, or your employees, are still saving data to local hard drives.  A Ransomware attack will encrypt files stored on the victim’s PC and, if you don’t pay the ransom, data will be lost forever.  We have seen many employees store vast amounts of critical data on the local drive of laptops, representing years’ worth of lost data in the aftermath of a Ransomware attack.

Step 2:  Believe that every email is legitimate and should be clicked with reckless abandon.

People are generally trustworthy, right?  If you receive an email that looks like it’s from your bank, a vendor, or a client, shouldn’t it be safe to open?  Why would anyone take the time to mock up an email to fool you?  Who has that kind of time and energy?  Turns out, there is a lot of money to be made by sending out fake emails to you and your employees.

It’s not just Ransomware that bloats the bank accounts of cyber criminals.  Business Email Compromise (BEC) has cost businesses over 2 billion dollars since 2013.  BEC, also known as the CEO scam, is effective because scammers send an email to the CFO, which appears to be coming from the CEO, asking for a wire transfer.  This same approach can be used to trick you into thinking that the IT department is emailing you asking for your login credentials. 

The key to avoiding cyber criminals’ traps is, “Think before you click.”  If you are not expecting the email, don’t click on links or open attachments.  Ensure that wire transfers require a two-step process, NOT just an email request.  Also, no legitimate entity will ever ask you for your password via email.

Step 3:  Do not provide security awareness training to all employees.

No doubt, you’ve made a considerable investment in your technology infrastructure:  anti-virus, spam filtering, web filtering, next generation firewalls, and so on and so forth.  But, if you are like most business owners, you have not prepared your human firewall.  What is a human firewall, you ask?  Your employees are either your last line of defense or your weakest link.  Time and again we’ve observed companies that have extensive physical and logical security established, only to have their human firewall fail with the click of a malicious link containing Ransomware.

ProTech has tested the vulnerability of thousands of end users to determine how likely they would be to click on malicious emails that could contain Ransomware.  We have found that, on average, 18% of employees will click on potentially malicious email links and attachments.  You only need one employee to click on one malicious email to expose your network to Ransomware. 

No one wants to lose their business due to cybercrime - but doing nothing is not a strategy.  Remember, in some cases, cybercriminals are engaging with your employees more often than you are! 

Let ProTech help design a security roadmap to keep you and your business safe. 


Posted by Chelsea Nelson at 7:40 AM