Should I Click that Link? Know How to Protect your Business from Ransomware

This article is a part of a three part series by Kaylee Kruschke on ransomware and how you can best protect yourself.

Imagine that you just sat down at your desk at work. You just turned on your computer, but it does not display your login screen. Instead, you get a very menacing message that says if you ever want to see the data on your computer again, a ransom payment is demanded. You are probably thinking, “Now what? Are you kidding me?” Sadly, this happens to hundreds, if not thousands of businesses and people every single day. You are not able to work until you can get back into your computer. Everything you need to perform your job is on your computer system – every customer’s name and their contract information, your email, and all of your business’s documents. You cannot operate your business without having access to your computer.

Not knowing what else to do, you call your IT consultant. He checks your system and finds that he cannot access anything either. Even your backups are locked up! Each minute that passes is costing you money and your employees are at a dead stop. You suddenly remember that just last week you received an email from someone you did not recognize claiming that you won an Amazon gift card. The email had a link to click to claim your prize, which you did. However, you were taken to a suspicious website when you clicked on the link. Could this have been the cause of your now locked computer? Probably.

You wonder who did this to you and why have they selected you to wreak havoc upon. What did you do to deserve this? These attackers do not care about you, your customers, or your business. All they care about is your money. During the pandemic, they have crawled out of the woodwork like cockroaches. With businesses operating remotely, and people working by and large from home, the computer system vulnerabilities that many times we do not even know exist have allowed these vile intruders to attack more businesses and effectively shut them down. That is why is it critical to understand a few ransomware basics.

What is Ransomware?

Ransomware is a form of malware that encrypts files on a device resulting in these files and the systems that rely on them becoming unusable. Often, malicious actors will hijack computer systems to cause the encryption and then demand payment in exchange for decryption of the data and computer systems. A ransomware attack usually results in malicious actors shutting down your entire network and stealing every piece of valuable business intelligence stored on your computer. These malevolent individuals sometimes even hack into your backup systems too, making restoration of your computer systems impossible without the decryption “password” you must buy from these criminals.

Malicious actors have also adjusted their tactics over time and some now pressure victims for payment by threatening to release the stolen data and publicly name and shame victims. The economic and reputational impacts of ransomware incidents have proven to be very challenging for all types of organizations.

Additionally, ransomware attacks have been on the rise, particularly during the Covid-19 pandemic. A few years ago, such crimes were relatively rare. Today, they are the single most prevalent cybercrime. Last year, 2,354 American government entities, healthcare organizations and schools were the victims of ransomware attacks, according to a recent article in Security Magazine. The average ransomware payment at the end of 2019 was $84,116, according to Coveware, a ransomware incident response firm. Coveware reported that the average ransomware payout swelled to $178,000 in the first half of 2020. Just a year later, in 2021, Coveware reported that the average ransomware payment was $200,298.

Several large, well-known companies and organization have made recent headlines as the newest victims of a ransomware attacks. Some of the largest include Colonial Pipeline, Steamship Authority of Massachusetts, JBS (the world’s largest meatpacker), and the Washington DC Metropolitan Police Department. Just six ransomware groups are responsible for breaching the cybersecurity defenses of 292 organizations, according to a ZDNet article. ZDNet reported that these criminal organizations have so far taken more than $45 million in ransom money from their attacks. The following are some of the biggest ransomware attacks in 2021 according to the Touro College:

  • The attack on Colonial Pipeline by far wreaked the most havoc. The DarkSide gang was behind the attack. They targeted the firm’s billing system and the internal business network, causing widespread gasoline shortages up and down the East Coast. Colonial Pipeline eventually gave in to the DarkSide gang and reportedly paid them $4.4 million dollars in bitcoin which the law enforcement agencies were mostly able to recover.

  • Less press was received when Brenntag (a chemical distribution company) was attacked around the same time as Colonial Pipeline. The same criminals were involved and stole around 150 GB of data, demanding $7.5 million in bitcoin. Brenntag gave in to the demands and paid, ultimately, $4.4 million which has yet to be recovered.

  • Acer, the computer manufacturing company, was attacked by the Revil hacker group demanding a $50 million ransom, which was purportedly the largest ransom ever demanded.

  • JBS foods was attacked, and the ransom request was met having been paid $11 million in Bitcoin.

  • The National Basketball Association was attacked in mid-April of 2021, and it was claimed that 500 gigabytes of data had been stolen concerning the Houston Rockets basketball team. As of today, no payments have been made.

  • AXA, a European insurance company, was attacked on the heels of an announcement they made concerning changes to their cyber-insurance. More than three terabytes of data were accessed.

  • CNA Insurance Company was attacked in March and the attackers encrypted almost 15,000 devices including computers of employees, many of whom were working remotely.

  • Stolen data was released that the criminals stole from Kia Motors in February. The attack caused IT system outages and the gang, it is believed, demanded a $20 million ransom.

Cybercriminals also began targeting public school districts during COVID-19 as schools were relying on their computer systems for online learning. According to NBC News, some schools even considered paying the ransom fees despite warnings from the Federal Bureau of Investigations (FBI) not to do so. For example, according to NBC News, in March 2021, hackers infected Buffalo, New York’s schools with malicious code that spidered through their networks, resulting in teachers being unable to reach remote students because the teacher’s computers were frozen. The attackers required a ransom to restore the school’s computer systems. School officials ended up cancelling more than a week of classes to resolve the issue, according to NBC News. It appears that the Buffalo School District did not pay any ransom. Teachers and parents recently received letters from the school district informing them that vendor data was stolen as well as staff employment information, like social security numbers, phone numbers and payroll information.

Hospitals and city and county governments are often targets of attackers as well. Often lacking resources to shore up their IT defense strategies, cybercriminals are well aware of the wealth of valuable personal information maintained by such entities as schools, hospitals and government agencies that they can leak online.

Complacency if you are a small business with no customer facing web presence is not warranted. These businesses are under attack as well, with ransoms in the tens of thousands of dollars being paid by businesses that can ill afford the ransom, or the business interruption they cause.

To help avoid being in the headlines as the next victim, it is crucial to ensure that your employees know what ransomware is and that your business have a plan to prevent ransomware attacks and to defend against a ransomware incident, should one happen.

Stay tuned for our next ransomware article in which we will tell you what to consider in your ransomware prevention plan.

11 views0 comments