As if data breaches and identity theft weren’t bad enough, over the past year there has been a marked increase in a vicious threat called ransomware. Many malware attacks are stealthy: a criminal silently grabs your passwords, credit card numbers or other valuable information without your knowledge. Ransomware is very different. It blatantly locks up all your information by encrypting it and then demands a ransom to get it back. This nefarious software is known by names like CryptoLocker or CryptoWall and has been highly effective at bypassing defenses.
The malware generally gains access through a single PC, via an infected email attachment or website, and from there reaches the data across your firm. Once the PC is infected, the malware silently and immediately searches for every file it can reach on your network (local drives, mapped drives and shared folders the infected user can write to) and begins encrypting them with strong encryption that cannot practically be broken without the key. Once the ransomware has locked up your information, the infected PC pops up a screen with instructions on how to pay the ransom. The ransom might start at 1 bitcoin (currently worth about $290) and increase to 10 bitcoins if not paid within 72 hours. The extortion is generally demanded in bitcoin because it is a pseudonymous cryptocurrency that is difficult to trace back to a person.
Pay the ransom and you might receive the decryption key and get your files back. Cross your fingers that the crooks deliver, and that the FBI hasn’t already taken down the server that holds your decryption key. Of course, nobody is advocating paying extortion. If you have been hit, the more reliable and morally responsible action is to recover from backup. We should not reward and encourage these cyber criminals.
Unfortunately, there have been reports even from law enforcement agencies who (gulp) actually paid the ransom. Last November, the Dickson County Sheriff’s Department in Tennessee paid out $572 worth of bitcoin. The sheriff said his first reaction was “we are not going to be held hostage.” But, “once it was determined which records were involved and that they were crucial to … the operations of the sheriff’s office and the citizens of this county…. I had no choice but to authorize to pay this.”
You don’t ever want to find yourself in this situation and there is no guarantee that paying the ransom will even work. Take proactive steps now to ensure you are adequately prepared. Monitoring and continually upgrading your defenses is essential.
A partial checklist of security items to review with your IT people is: commercial-grade network security (including the security software subscriptions that go with it, which are not cheap); intrusion prevention; endpoint malware protection; strong email filtering; timely patching of operating systems and applications (a frequent problem); strong password policies; write access to network shares limited to the people who actually need it, since ransomware can only encrypt what the infected user can write to; policy and procedure enforcement; enforced automatic log-off; data loss prevention (DLP) software, where appropriate; and no unsupported software, meaning no Windows XP, no Office 2003, no Exchange 2003 and no Windows Server 2003.
Lastly, and most importantly, regularly review evidence of restore tests of your backups. In my assessments, I frequently find backups that have been silently failing or are incomplete. When a backup exclusion list gets audited, it’s often a rude awakening to see just what’s not being backed up. When you need to restore, you cannot afford to hear the word “oops.”
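What a restore test and an exclusion audit actually check is simple enough to script. The following is an added example, not code from the article or from any backup product: it assumes a plain file-copy backup model (a backup directory mirroring a source tree, plus a manifest of SHA-256 hashes recorded at backup time) and builds constructed sample data in a temporary directory so it runs offline. The exclusion audit lists every file on the source that the backup does not contain; the restore test copies every file in the manifest back out and compares hashes, so a file that is silently corrupt or missing on the backup media is reported rather than discovered during a real recovery.

```python
"""Restore test and exclusion audit for a file backup (added example)."""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_backup(source: Path, backup: Path, excluded_suffixes) -> dict:
    """Copy source into backup, skipping excluded suffixes (assumed exclusion
    list model). Returns the manifest {relative path: sha256} for later checks."""
    manifest = {}
    for p in source.rglob("*"):
        if not p.is_file() or p.suffix in excluded_suffixes:
            continue
        rel = p.relative_to(source).as_posix()
        dest = backup / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_bytes(p.read_bytes())
        manifest[rel] = sha256_of(dest)
    return manifest


def audit_exclusions(source: Path, manifest: dict) -> list:
    """Exclusion audit: files present on the source that the backup lacks."""
    present = {p.relative_to(source).as_posix()
               for p in source.rglob("*") if p.is_file()}
    return sorted(present - manifest.keys())


def verify_restore(backup: Path, restore_dir: Path, manifest: dict) -> dict:
    """Restore test: copy every manifest entry out of the backup and compare
    its hash. Returns lists of files that restored ok, were corrupt, or were
    missing from the backup media."""
    result = {"ok": [], "corrupt": [], "missing": []}
    for rel, expected in sorted(manifest.items()):
        src = backup / rel
        if not src.exists():
            result["missing"].append(rel)
            continue
        dest = restore_dir / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_bytes(src.read_bytes())
        result["ok" if sha256_of(dest) == expected else "corrupt"].append(rel)
    return result


def run_demo() -> dict:
    """Build a constructed source tree, back it up with a .pst exclusion,
    damage the backup the way silent failures do, then audit and restore."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        source, backup, restore = root / "source", root / "backup", root / "restore"
        # Constructed sample files (not real data).
        (source / "accounting").mkdir(parents=True)
        (source / "evidence").mkdir()
        (source / "accounting" / "ledger.xlsx").write_bytes(b"ledger v1")
        (source / "accounting" / "payroll.pst").write_bytes(b"mailbox")   # excluded
        (source / "cases.db").write_bytes(b"case records")
        (source / "evidence" / "photo.jpg").write_bytes(b"jpeg bytes")
        manifest = take_backup(source, backup, excluded_suffixes={".pst"})
        # Simulate silent media corruption and a file that vanished from the backup.
        (backup / "cases.db").write_bytes(b"case recordz")
        (backup / "evidence" / "photo.jpg").unlink()
        return {
            "not_backed_up": audit_exclusions(source, manifest),
            "restore": verify_restore(backup, restore, manifest),
        }


if __name__ == "__main__":
    for section, value in run_demo().items():
        print(section, value)
```

Run against a real backup, the two lists worth reading are "not_backed_up" (the exclusion audit: here the Outlook .pst file nobody realised was excluded) and anything under "corrupt" or "missing" in the restore result. An empty "ok" list with no errors at all usually means the manifest is empty, which is the silently failing backup the paragraph above warns about.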
Consider having an independent assessment of your security. This happens to be a practice area of my firm but there are many excellent companies that specialize in security assessments. A little attention to security now could prevent a big problem down the road.