Uh oh, My Computer is Possessed!
These dreadful words can mean not just a headache for your business, but thousands or even hundreds of thousands in order to retrieve your company’s most precious commodity, data. Ransomware attacks increased from one every two minutes to one every 40 seconds from January to September 2016 alone, says a report from security company, Kaspersky Lab. Further, the research showed that small and medium sized businesses were most severely impacted by the attacks. According to Kaspersky, “sixty-seven percent of companies affected by ransomware lost part or all of their corporate data and one in four victims spent several weeks trying to restore access.”
How do these attacks happen?
It’s as simple as a quick as opening an email and clicking on a link that takes you to an infected website. Rather than just tricking you into downloading a virus, the new ransomware literally sneaks onto your system and locks out your computer, worse yet, in some instances, pornography or other illicit images replace your happy dog screensaver. The Ransomware then informs you that pieces of your data will be destroyed every 30 minutes until you agree to pay whatever amount they are asking. To pay the amount, you are told to send an initial nominal payment of $10 or something similar to be wired through Western Union or other form of online currency such as the untraceable Bitcoin. The criminals start with a minor payment assuming that you will pay the amount to put the whole incident behind you. What they also know is that the first payment will just be the beginning. If you are a business, the ransom will be considerably higher and the associated cost to your business’ data even greater.
Protecting Your Data
Employee IT security training and enhanced IT precautions are a must. Spend the time to not only train employees on ransomware attacks, but other aspects of IT safety and security. “One in five threats that resulted in significant data loss were a result of employee carelessness or lack of security protocols,” continues Kaspersky. If you haven’t already performed a security audit, schedule one as soon as possible. Traditionally performed by an outside third-party vendor, the audit will highlight IT system strengths and weaknesses so that you can take steps to improve. Once trained, provide reminders and retraining opportunities to keep the threats at bay.
Use Antivirus software and a firewall. Why a firewall? The firewall acts as a sentry at the front of your internet protecting your data from unwanted intruders. The antivirus software will block invisible threats that arrive through your web browser, email and those annoying popups.
Pop-up Blocker – So prevalent are pop-ups that they deserve their own bullet on the list. Pop-ups are a popular way for criminals and viruses to introduce themselves into your computer and your data. Avoid clicking on any pop-up and enable your pop-up blocker in your web browsers and in your antivirus software.
Avoid fake or free antivirus programs and companies. There are many disreputable websites that are posing as legitimate sites for decryption and attack assistance. Be sure that you are going to a reputable, legitimate website for help. Tech websites like CNet.com will have steps and links for trusted resources.
Back-up data frequently and store your back-up in the cloud or on an offsite server.
If you do receive a ransomware attack, immediately disconnect from the internet so your data doesn’t continue to be transmitted back to the criminals. If you have back-up data stored on a separate server, try reinstalling your software. If this is out of your purview, take your computer to a reputable computer repair company for assistance.
Check the No More Ransom website. The website has been established by security companies like Intel Security, Kaspersky Lab, Europol, and others to help victims validate threats and if available, provide decryption tools that can assist with file retrieval.
Alert authorities as soon as possible. Ransomware is a form of extortion and against federal law. Local authorities are not equipped to handle these types of incidents, but your local FBI field office is trained and will want to know about the attack for tracking purposes.
Security agencies advise not paying the ransom amounts as there is no guarantee that you will receive the decryption codes or that this initial attack will be the last.
If you found this article useful, please do not keep this a secret. Share it with a friend.
Copyright 2017 by Steven A Feinberg (@CPAsteve) of Appletree Business Services LLC, a PASBA member accountant, located in Londonderry, New Hampshire.