During the pandemic, data breaches disproportionately affected smaller companies; they were targeted at twice the rate of larger businesses. Since the pandemic, those same smaller companies have been struggling with COVID-19 fallout ranging from supply and labor shortages to bouts of inflation. All those preoccupations have left them more vulnerable to ransomware attacks.
Enemy at the gates
Typically, ransomware is triggered when an employee downloads an attachment or responds to a phishing or scam email. Ransomware can also penetrate a network through server vulnerabilities or an infected website. A third way that ransomware works is by sneaking in through security holes in older, unpatched versions of operating systems.
Once the ransomware has infiltrated, it will lock users out of their computers. Their devices will display a message demanding a ransom to unlock the hardware and restore access. The ransom is often payable only in bitcoin or other cryptocurrency. Those transactions are quick and easy, and because they are anonymous, difficult to trace. Although bitcoin is the most popular ransom currency, ethereum, zcash, monero, or another may be stipulated. In the past, gift cards for Amazon or iTunes were popular for smaller scale extortion.
The ultimate damage may greatly exceed the cost of the ransom itself. Being locked out of computers or servers has a ripple effect, resulting in business downtime and the concurrent lost revenue, lost customers, or lost new business, as well as negative publicity.
Prevention beats cure
It is essential to take precautions to ward off any impending threats:
- Run antivirus software programs regularly.
- Maintain a firewall.
- Back up your business data systematically and store a copy away from your servers.
- Train employees to open only trusted attachments.
- Update security patches frequently.
- Install two-factor authentication.
- Buy a cyber insurance policy, even though costs have risen since COVID-19 and tighter underwriting often now requires multifactor authentication and encrypted data. (Your regular property and liability insurance policies may not cover you, as most exclude cyber damages.)
- Monitor published security vulnerabilities.
- Keep a registry of all your software, hardware, and cloud data.
- Put your emergency response plan in writing and share it.
Even if you religiously follow security best practices, ransomware may still break through. The first step in your response plan is to not panic. Take a photo of the infected screen before you unplug everything; pay particular attention to any deadlines mentioned. Next, try to isolate the infection by disconnecting any vulnerable hardware from the network.
Contact your help brigade, including your data privacy lawyer (or other attorney) and your cyber insurance company. It is a good idea to report the incident to your local FBI office too.
Next, implement your internal procedures:
- Reset all passwords, since many computers are likely to be corrupted.
- Notify your employees and customers.
- If your screens are locked, get expert help to try to regain access.
- Restore and back up the most recent data.
Paying up
Across the industry, many experts counsel victims against paying a ransom. The risks are like those of kidnapping: How do you know the gang will practice thieves' honor? What is the guarantee they will unlock your systems? Will they keep demanding further payments?
However, businesses are increasingly willing to pay to salvage their operations, so if you do succumb, you are not alone. Since 2020, the number of organizations that have paid ransom has risen by 5.4 percent, amid a 9 percent increase in attacks over the past two years.
Before transferring funds, at least consider requiring a so-called proof of life—evidence that the wrongdoers can decrypt and restore at least one file.
Talk to your security team and professional technical advisers about any other safeguards you can set up in advance. R&A can also provide guidance. Give us a call.