In the past few weeks, we have seen several high profile cases of ransomware extorting money from businesses and law enforcement agencies around the world. Ransomware is software that encrypts the victims’ computer systems using a key known only to the attacker. Once the system is fully encrypted, a demand for payment is made (almost always in Bitcoin or a similar cryptocurrency). If the payment is made, the key to unlock the data is given to the victim.
While it may sound like a joke when I describe ransomware to our clients and mention how the criminals generally set up high-quality super-efficient customer service operations to help victims get their data back after they pay, it is actually true! But if no payment is made, the data is usually not recoverable by any means due to the strength of the encryption. This is, unfortunately, proving to be a sound and effective business model.
One recent case involved a police department near Dallas. They were infected after an officer opened an infected attachment. A great deal of evidence, including videos and photos, was encrypted. Some documents had been backed up offline, but the department decided not to pay the ransom, and the data that was not backed up has been permanently lost.
Another case that unfolded just last weekend involved a hotel in Austria. The hotel uses the typical magnetic card locks for the doors to its rooms. The hackers were able to infect this system and prevent guests from entering their rooms. The hotel ended up paying the ransom. Several news reports on this incident mention that the hotel doesn’t expect to be able to recover its losses from its insurer. While reports are unclear about why, it is likely because they don’t have an explicit affirmative cyber policy.
How can you protect your business or your clients’ businesses? Here are a few simple ways:
- Be careful of the links you click on and the websites you visit. Malicious attachments, hacked sites, and links in social media are very common infection methods.
- Back up your data offline. If you have an external hard drive that is permanently attached to an internet-connected machine, it is just as much at risk at the computer itself. CDs and DVDs as employed by the police station near Dallas are a good method because they are truly “air gapped” from the internet.
- Many affirmative cyber policies, including ISO’s own form, include coverage for ransom and extortion.
- Begin to make use of the Verisk Cyber Exposure Data Standard, a uniform way to capture information on the cyber risk of a business.