By: Kevin Sullivan, Guest Blogger and Director of Compliance
Published March 29, 2017
You get to your office early Monday morning as geopolitical events over the weekend are rocking the markets. You have several voice messages lined up and are running through them as you log onto your computer. This message opens on your screen.
Ransomware scams are on the rise, and the above is just one example of a type of malware that can restrict the use of your computer or block access to your files unless you pay a “ransom” that can range from hundreds to thousands of dollars. Oh, and guess what? You are technologically challenged and they want you to pay in bitcoin. “Can someone point me to the nearest bitcoin currency exchange?” Ransomware attacks are not just directed at home computers. Small financial services firms without the budgets to counter cyber-crime are particularly susceptible to an attack, often with devastating operational effects. A potential greater effect is the reputation harm to your business associated with the loss of client personal identifiable information.
So how do you prepare yourself and your business to deal with ransomware?
- Back up your data daily with a cloud service that automatically backs up your files, or back up to an external hard drive.
- Employ strong firewall and antivirus software with ransomware protection.
- Keep software up to date and allow for automatic update options.
- Do not enable macros for documents attached to an email.
- Avoid phishing: Do not click on links or email attachments from addresses you do not know. Be suspicious of social media platforms with links that look harmless.
- Always voice verify any banking or security related requests: No matter what your industry, the hackers know your language. Long gone are the emails claiming a long lost inheritance from some uncle you don’t know who lives in a country you’ve never heard of. They are criminals, and they are clever.
- Educate your employees on the above.
So back to the scenario. Markets are moving, clients are calling and your business has just come to a grinding halt at the most inopportune time. Do you panic and pay? Will that ensure you get your files back?
Maybe, but the odds are you will still never see your files again. That punk hacker from some third-world hellhole or your neighbor’s basement just took the money and ran. If you don’t want to find yourself in this situation, then take the time to protect your devices and use common sense.
Ok, I didn’t do what I should have done and now I’m a victim of ransomware-cyber extortion. What should I do?
First and foremost, bring in law enforcement. It is a crime and it needs to be reported. Most states now have a cybersecurity unit. In New Jersey, you can receive updates on ransomware and other cyber threats from the NJ Cybersecurity and Communications Cell (NJCCIC). Since July 2015, some 150 variants of ransomware have been profiled by this unit. Out of the 150 known variants, 79 have publicly available decryption tools with recovery options. While not all ransomware can be decrypted, NJCCIC can help in directing you toward these potential recovery tools.
Is cybersecurity really an issue that I need to worry about, or just some Y2K type of cyber hype?
Well, in 2013 a ransomware known in the cyber world as CryptoLocker came on to the scene. In just four months it raked in or hacked $4mm. Think about the tools you need to enter the world of cyber-crime: with just a laptop and some knowledge, you can do it from anywhere. The retail store Target is still recovering from a 2013 attack that resulted in the theft of 40 million credit cards and personally identifiable information from 70 million customers. They have the resources to handle it, but if your business experienced something similar, would your doors still be open a year from now? Stay in business. Be cyber smart.