How to protect your business against cyber threats like Ransomware.
The digital revolution and the interconnected nature of the modern world has created endless opportunities for Australian businesses. However, it also means those businesses must learn how to cope with a new breed of potential threats and problems, the list of which is headed by ransomware.
A form of extortion, ransomware locks computers or encrypts files to trick you into handing over your money. It can have serious consequences for anyone affected, so let’s take a look at what you can do to protect your business against ransomware.
Get insurance made for cyber risks like ransomware
Why consider a policy from Edmund Insurance?
- Dedicated cyber insurance
- 24/7 emergency response
- Covers threat of extortion costs
The history of ransomware
You might think that ransomware is a relatively new problem but the first known version of this nasty malware was actually encountered back in 1989. Known as the AIDS Trojan, this threat was spread via a more traditional method, with 20,000 infected floppy disks handed out to attendees of the World Health Organisation’s AIDS conference.
Once the software on the disk was loaded, it started counting the number of times the computer was rebooted. When that count reached 90, it hid the directories and encrypted the names of the files – and the only way to have those files decrypted was to pay $189.
From these primitive roots, ransomware has evolved into a much more lucrative pursuit for hackers, with ransom demands climbing into the hundreds of thousands of dollars and even as high as $1 million. Thanks to the Internet and email, it’s also much simpler to spread ransomware and affect a much wider range of businesses, government departments and individuals.
In May 2017, the “WannaCry” ransomware attack saw a ransomware cryptoworm target over 230,000 computers in more than 150 countries. It encrypted data on infected computers and demanded ransom payment in Bitcoin, affecting organisations like the UK’s National Health Service, Spain’s Telefonica and Germany’s Deutsche Bahn.
How does ransomware work?
Ransomware is a type of cyber attack that sees hackers take control of a computer system and its files, blocking access to them until a ransom has been paid. It usually infects computers via a phishing attack, which tricks victims into downloading malicious software onto their computer by clicking on a link or downloading a file they believe to be safe. However, it can also be spread via removable USB drives or messenger services.
Once the software has been installed, it can either lock your computer or find and encrypt all the files on your computer. Hackers than demand a ransom payment if you want to be able to access your files again.
Types of ransomware
There are two basic types of ransomware in circulation today:
- Locker ransomware. This malware locks the computer from use and demands payment for it to be unlocked.
- Crypto ransomware. This type of malware encrypts the files on an infected computer and demands payment to decrypt them.
What does Bitcoin and cryptocurrency have to do with ransomware?
Unlike the 1989 AIDS Trojan, which demanded that users send the ransom payment to a post office box in Panama, today’s hackers request a much more modern form of payment. Most hackers request payment in Bitcoin, a decentralised digital currency that allows people all over the world to anonymously buy goods and services.
There are no names, addresses or other contact details attached to a Bitcoin transaction – only digital wallet IDs are used, making it extremely difficult to trace the location or identity of the cybercriminals. As a result, Bitcoin is a popular choice of ransomware payment for hackers.
In what medium do ransomware attacks occur?
Most of us associate ransomware attacks with desktop computers and laptops, specifically those running Windows operating systems. However, ransomware has also been developed to target Macs.
Unfortunately, ransomware can also affect mobile phones and tablets, and experts expect that it could soon be specifically designed to target smart watches and other forms of wearable tech.
What to do if you're infected
If you’re the victim of a ransomware attack, follow a few simple steps:
- Disconnect your computer from any networks
- Turn off your computer
- Notify your IT department or a trusted IT company – they’ll be able to advise you how to get your computer back up and running
- Make sure everyone else in your business is notified about the attack
- Report the attack to the Australian Cybercrime Online Reporting Network
Then comes the difficult question of whether or not to pay the ransom.
Should you pay?
The answer to this question depends on who you ask. Some, including Joseph Bonavolonta, the Assistant Special Agent in charge of the FBI’s CYBER and Counterintelligence Program, advise paying the ransom. If the risk of losing important data and files could be catastrophic for your business, the best thing to do may indeed be to pay the ransom.
According to the FBI, most ransomware payments are between US$200 and US$10,000. Because many people decide to pay, ransom amounts tend to remain relatively low and, surprisingly, hackers are often good to their word and allow you to access your files once again.
On the other hand, there’s absolutely no guarantee that paying the ransom will ensure that your computer is returned to its original state. There have been several documented cases of the hackers only partially decrypting files and then demanding further payment, while there’s also the risk that paying once could make you an ongoing target for malware.
That’s before we even get to the ethical dilemma about whether you should be paying criminals and therefore encouraging further crime. And if your business is infected with a defective strain of ransomware, you won’t get your files back no matter how much ransom you pay.
Taking all this into account, most experts do not recommend paying the ransom.
Protecting your business against ransomware
Prevention is always better than cure, and there are a few simple things you can do to protect your business against ransomware:
- Make sure to regularly update your operating system
- Backup all your important files and data regularly
- Install antivirus and anti-malware software on all devices
- Avoid installing or downloading files from unknown or untrusted sources
- Consider cyber insurance that includes cover for ransomware attacks
By choosing a cyber insurance policy tailored to your business, you can enjoy a level of protection against the financial damage a ransomware attack can cause. Not only can it help you connect with cybersecurity and PR crisis experts in the event of an attack, but also cover the cost of investigation, legal and extortion expenses.