Original Article By: Jayne Gest, Smart Business Cleveland (Published Nov. 22, 2019)
If The Idea Of A Ransomware Attack Doesn’t Keep You Up At Night, It Should
Shawn Richardson, principal of Cyber Services at Rea & Associates, says ransomware is like New York City. (Are you wondering where we’re going with this? Stick around a little longer and we’ll explain.)
First, understand that ransomware is a type of malware (malicious software) that threatens to publish the victim’s data or blocks access to company data until a ransom is paid. There are two main types of ransomware, which encrypt or lock out information so that data is not readable and the victim cannot gain access.
- Locker ransomware – locks the computer, server or device.
- Crypto ransomware – prevents access to files or sensitive data through encryption.
Well, like the changing skyline of New York City, a variety of factors have resulted in significant changes being made to the overall structure of ransomware over a period of time.
Believe it or not, ransomware isn’t a new phenomenon. It actually dates back to the late 1980s when biologist Joseph Popp (not to be confused with Rea’s state and local tax expert, Joe Popp) created the AIDS Trojan. Needless to say, the malware has been spreading and evolving since.
Just like how New York’s buildings have constantly changed over the past 25 years, ransomware continues to get bigger, better and more modern.
“It’s gotten sophisticated,” Richardson says. “The ransomware is injecting itself inside of applications, such as email through phishing. Often, all it takes is someone clicking on the email and executing some malicious code. Then, it attaches to local information stores like customer databases or accounts payable.”
Once a user has become a victim of a ransomware attack, the cybercriminal behind the operation might promise to restore the data if the victim pays a ransom. In truth, there is no guarantee that the data will ever be recovered, even if the victim meets the demands.
Smart Business spoke with Richardson about the ransomware threat for the November edition of its print publication. During the interview with author Jayne Gest, Richardson answered several key questions designed to elaborate on the current cybersecurity crisis businesses nationwide, large and small, are facing.
What are examples of ransomware attacks?
The most prevalent types of ransomware are CryptoWall, Locky and WannaCry. But as they get used, people take the code, make copies and improve upon it with higher levels of encryption. There are variants that are uncrackable, and federal authorities don’t have the ability to reverse engineer the modified versions of ransomware.
In one case, ransomware was dropped into a company’s Microsoft Office 365. It got ahold of the user database and locked it down. Then it elevated the account permissions to allow the attackers to exfiltrate information and sent emails to the organization’s bank. Fortunately, the federal authorities caught on to what was happening before funds were transferred.
In another instance, a services company with fewer than 50 employees was attacked. The ransomware hit the backups first, which were not properly segmented off from the existing networks, and then locked its customer database and service contracts. The business never recovered the data and ultimately had to go back to a backup that was incomplete and nearly a year old.
It’s also important to remember that organizations that pay ransom are more likely to be hit again. Plus, there’s no guarantee the bad actors will follow through and unlock the data. In some instances, the attackers ask for a little bit of money first to generate trust and then extort more funds.
Do businesses need to actually be attacked to feel the effects of ransomware?
No. A business can run the risk and hope nothing will happen. But, at some point, it may grow large enough that its contractual obligations with third parties will require some sort of cybersecurity framework, audit, software, etc. Otherwise, the company won’t get that business.
Which companies face the greatest threat?
Small and midsized businesses are the most at risk today because they are the lowest hanging fruit within the threat landscape. Surveys have found that an estimated 80 percent of small and midsized businesses have been victimized by ransomware within the last 18 months, and only 20 percent of them reported it.
These companies typically don’t have an IT company with expertise in security mechanisms and controls managing their infrastructure. Owners of small and midsized businesses often don’t put the resources into a cybersecurity strategy because they don’t recognize the need — although this is starting to change as they are targeted.
Within the small and midsized business sector, the most targeted are health care businesses, which includes small doctor’s offices, and government organizations like schools.
Where do you recommend businesses start with risk mitigation?
You should put in security controls and a framework to protect your company. Bring in a trusted advisor to talk about the risks within the operation and how to protect important data. Consider putting in a customized cybersecurity strategy that makes sense — John’s Auto Body will have a very different approach than Bob’s Dental, which must follow certain regulations.
It all starts with a business conversation and it’s critical to have that conversation before the bad actors get ahold of your information.