Ransomware could hold your business’ data hostage

NORTH BAY BUSINESS JOURNAL

What makes the news are the victims with well-known brand names:

• Target, late 2013 — Hackers install malware and capture credit card information from store shoppers at nearly 1,800 locations nationwide during a busy Thanksgiving Day weekend.

• Anthem, early 2015 — 80 million records that included Social Security numbers, birthdays, addresses, email and employment information and income data for customers and employees, including its own chief executive, are siphoned out of the health care provider’s database.

• Democratic National Committee, summer 2016 — By breaching its computer wall and gathering emails and other materials, hackers release image-damaging information about the presidential campaign, and a party chairman is forced to resign.

All of it might seem well beyond a community, a local business or an “average citizen.” But compromising data is all around the business community.

In just the latest wrinkle, businesses dependent on computer records are being breached, and then thieves encrypt their information. To regain their data, a fee must be paid to the hackers.

Earlier this year, three Southern California hospitals came under attack using this scam, called ransomware, and, according to news reports, one hospital paid the hackers $17,000 to regain access to its records.

California legislators are now considering a bill that would classify the act as extortion, carrying with it potential jail time of two to four years. State Sen. Robert Hertzberg, who authored the bill, called ransomware “an electronic stickup” while a trade group representing companies like Apple and Microsoft joined in supporting the bill.

“These criminals are turning ransomware into a sure way to cash in on just about any network intrusion,” said TechNet Executive Director Andra Deveau. “We must send a signal that this criminal activity is punishable in a way that will deter this type of activity.”

James Stickley is the CEO of Stickley on Security. He serves on several corporate boards and was co-founder of TraceSecurity Inc. According to his firm, he has been active in hacking in the past but now “his job is to find security flaws before the real criminals find them and warn people and organizations about what they can do to protect themselves.”

The Business Journal asked Stickley about ransomware, who it targets and how to deal with it as a business.

How does ransomware work?

JAMES STICKLEY: There are different types of ransomware but the main purpose is to put the victim into a situation where they are required to pay a fee in order to resolve an issue.

One of the most common forms of ransomware is when a user’s computer is compromised and all of their important files such as pictures, documents, Excel sheets, database files and other more critical business-related files are encrypted and therefore inaccessible to the victim. The victim is then instructed to pay a fee and if the fee is paid, the victim will be provided with a key that can unlock the files. If the victim doesn’t pay, the files will remain locked forever.

What types of organizations and people are getting into extorting businesses through ransomware?

STICKLEY: This ranges from organized crime to individuals and can come from any part of the world. Ransomware has been proven to be an effective means for extorting money, and criminals go with what works.

What kinds of businesses become targets for this?

STICKLEY: Any business can be at risk though hospitals seem to have a higher occurrence of these types of attacks against them.

What should a business or person do if someone is trying to extort money to get their data back?

STICKLEY: Well, they have three options.

Their first option is to simply pay the fee. In situations where there is no backup of the data that has been locked and the data is of extreme importance, this may be the only option.

The second option is to check and see if an antivirus security firm has discovered a decryption key for the specific version of the ransomware on the victim’s computer. While this is rare, there have been some cases where a master key has been discovered which can allow a victim to decrypt their files without having to pay the ransom.

The last option is to restore the locked data from a backup. This last option obviously assumes that the victim’s computer has been backed up via the cloud or an external device. In this case, again there is no need to pay the ransom since the data is not actually lost and can be easily restored.

Of course, one thing to keep in mind is that the computer has still been compromised and will need to either have the malware removed or the entire system reloaded to ensure that future attacks don’t occur.

How fast is this becoming a problem for businesses?

STICKLEY: I am not sure how you put a timeframe on this. This is a real threat now. Organizations that are not maintaining regular backups of critical data are at risk immediately. This is not something that is coming in the future, it is happening now.

What other types of cybercrime most commonly affect business?

STICKLEY: Any organization that deals with personal or confidential information is at risk of a cyber breach. Like ransomware, criminals have found that selling personal information can be very lucrative and often gaining access to this data is not always difficult.

A well-crafted email to an employee who has access to confidential information can often lead to the compromise of their computer. Once their computer is compromised, the criminal now has the same access as the victim, which means if the victim could access personal or confidential information, now the criminal also has that same access.