What is Ransomware – and How to Avoid It

Ransomware: the big, bad Boogeyman of modern-day businesses. Here’s the skinny on this formidable threat, brought to you by Tom Kang, product manager of cyber products at The Hartford. Also, if you’re a business owner who might benefit from a free appraisal of your company’s e-security risks, give Biggs’ own IT guy – Matt Slade – a call at 509-679-2009!

The first ransom note in American history was written in 1874, when kidnappers demanded $20,000 to return four-year-old Charley Ross to his parents. “You wil have to pay us before you git him from us, and pay us a big cent to,” the note read.
Ransom notes have come a long way since the hand-scribbled messages of post-Civil War times. In our modern-day digital world, their form has morphed into malicious software that holds a computer and its data hostage, setting them free only when the ransom money demanded is paid – usually in a cryptocurrency like Bitcoin in lieu of paper money in a suitcase or sack. Personal computers are most commonly attacked, but businesses of all sizes are a growing target.
The first case of ransomware dates back to 2005, and the number of attacks has grown exponentially since then. According to the 2017 SonicWall Annual Threat Report, ransomware attacks grew from 3.2 million attempts in 2014 to 3.8 million in 2015, and then rose meteorically to 648 million attacks in 2016.
The average ransom paid likewise shot upward. Symantec’s 2017 Internet Security Threat Report states that ransoms jumped from $294 in 2015 to $1,077 in 2016, but ransoms as high as $70,000 or more are not unheard of.

How Does Ransomware Get on Your Computer?

Ransomware may be triggered in different ways: a phishing email that looks like a legitimate invoice or image, a visit to an infected website, or an ad containing malware that has been injected into a legitimate webpage. When an unsuspecting victim opens the email or inadvertently falls into an online trap laden with ransomware, the virus is silently installed on the victim’s computer.
Employees click on phishing emails anywhere from 8 to 20 percent of the time, depending on how enticing the content is, according to the 2016 Phishing Susceptibility and Resiliency Report. If 10 employees receive the same phishing email, it’s almost certain that at least one of them will click on it, posing a real risk to business owners.

What Does Ransomware Do?

Ransomware holds its victims hostage in one of two ways:
  1. Lockscreen ransomware displays a window that prevents access to any part of the computer until a sum is paid.
  2. File-encrypting ransomware is a more sophisticated adaptation that keeps the computer available but scrambles certain types of files, such as databases that hold sensitive or proprietary customer and business information. Then it displays a pop-up screen with detailed instructions on how to buy the private decryption key that will decrypt the scrambled files.

How Should You Respond?

Lockscreen ransomware can often be cleared by shutting down the infected computer and starting it back up again, but there’s no such simple fix for file-encrypting ransomware. Lack of access to essential data can be crippling for a business and can compel business owners to act quickly to resolve the intrusion.
The right response is to neither negotiate with nor pay the perpetrator. Those who pay not only encourage continued crime; they may also pay a heavy ransom and never get their data back. But the element of time and other practical considerations can sometimes force a business owner’s hand.
If your business falls victim to ransomware, take these steps:
  1. Report the incident to your local FBI office and file a complaint with the Internet Crime Complaint Center.
  2. Restore file backups if you have them. Backups are your best protection against an intrusion and can immunize your business from the effects of an attack.
  3. Check your insurance coverage. Cyber insurance policies may cover the cost of the ransom money paid and provide response assistance. Before you act, review policy terms regarding:
  • What is and isn’t covered
  • Requirements for prior consent
  • Guidelines on how to respond. Does the insurance company want to interact with the bad guys or do you make the decisions?
  • Services and resources to guide you through the response process, including third parties to coordinate with law enforcement and handle negotiations
  • Ransom reimbursement
If you decide to pay the ransom, payment is generally required in Bitcoin, a form of currency that is mysterious and unfamiliar to most people and comes with a learning curve. You’ll need to set up an account at an online exchange and purchase Bitcoin in order to release funds to the extortionist.

How Can You Protect Your Business From Attack?

Businesses should anticipate the real possibility of cyber extortion and take preventive measures now so they don’t fall victim later:

Source: The Hartford