How Ransomware Could Hold Your Business Hostage

Put yourself in this picture: Your organization has a pretty good handle on data security. You have a secure firewall and good anti-malware software running on your systems. You monitor network traffic for suspicious activity. You’ve trained your staff in good cyber hygiene and reviewed your business partner contracts to make sure they’re doing their part to protect sensitive data. It’s “patch Tuesday,” your automated scripts are installing the latest security updates to your software, and you’re feeling pretty good until a staff member calls and reports problems accessing a data file. The next thing you know, ransom messages start popping up on user screens all over the company demanding payment to access their own data. Suddenly, you can’t control the digital information that is the lifeblood of your business, operations grind to a halt, and you have to make some hard decisions.

If you haven’t experienced ransomware yet, it’s probably just a matter of time. For cybercriminals, it’s an almost-perfect crime. For organizations and individuals, it’s their worst nightmare, and it’s just getting started. In this new series of articles, we’ll look at the epidemic of ransomware: what it is, how it gets into your systems, and what you can do about it.

Holding Data Hostage

Since the medieval highwaymen and the heyday of Al Capone, criminals have used extortion to hold hostage the safety and property of others. Ransomware, the latest generation in that long criminal tradition, gains access to a computer system and makes either the system or the data inaccessible, then attempts to extort payment from the owner in exchange for restoring access. Often there is a limited time to pay, after which the data will be permanently lost, and the payment is typically in some kind of untraceable digital currency, such as Bitcoin.

The U.S. Department of Justice has now elevated ransomware investigations to the same priority as terrorism. Ransomware began to make national news back in February 2016, when the Hollywood Presbyterian Medical Center had to pay $17,000 in Bitcoin to free its system, followed by a string of attacks on other healthcare providers. Fast forward to 2021 and ransomware is not only still in the headlines, but the stakes are now much higher, with our nation’s critical infrastructure facing ransomware attacks. In fact, the Cybersecurity and Infrastructure Security Agency (CISA) has said that ransomware is “quickly becoming a national emergency.” The U.S. government now views ransomware as a matter of national and global security. Ransomware payouts have also grown exponentially: it is reported that Colonial Pipeline was forced to pay $5 million in ransom to a hacking group and JBS USA Holdings was forced to pay $11 million to resolve its ransomware attack. With digital extortion such a prominent threat, organizations of all types and sizes have fallen victim to ransomware: energy, meat, IT, oil, healthcare, law firms, consumers, small businesses, and even police departments.

Ransomware is a high-profit strategy for criminals. There are multiple steps to monetizing personal data, intellectual property, and other sensitive information that is stolen outright. It is often “fenced” on the dark web, then the buyer has to turn it into a false identity that can be used to fraudulently obtain goods or services. With ransomware, on the other hand, the victim has to pay the criminal directly, the payment happens within hours or days in untraceable currency, and there is no chain of custody to point to the criminals because the data stays on the victim’s system the whole time. What’s also troubling is that ransomware works so quickly; it takes only three seconds for malware to start encrypting the files on your PC or network. Companies tend to respond quickly to ransomware attacks, making the path from crime to payout fast and lucrative. ZDNet sums it up: “Ransomware is successful because it works.”

Ransomware is Big Business

With quick payoff and no risks to the criminals, ransomware continues to spread like wildfire. “It’s professionalized more than it’s ever been,” said Raj Samani, chief scientist at McAfee. With ransomware attacks rising 150% in 2020 compared to the previous year, according to Infosecurity Magazine, it’s no wonder that organizations are having trouble keeping up.

The FBI estimates that a single ransomware attack against healthcare provider Universal Health Services resulted in losses of $67 million. Multiply that by the millions of variants that are now being released each year, even allowing for less successful ones, and it’s clear that ransomware is taking a huge bite out of the economy. Ransomware estimates alone don’t take into account the business losses that may occur during the hours or days that systems are locked, the costs of repairing or restoring systems, or the dire costs, including possible loss of life, when critical systems such as healthcare or energy control networks are held hostage. ZDNet reports that companies infected with ransomware have an average of 23 days of downtime.

Is Hostage Data Breached?

Not only has ransomware become one of the fastest-growing cybercrimes facing businesses today, but a cruel irony of ransomware is that it could also be considered a data breach, even though the data never leaves the victim’s systems. After a ransomware attack, healthcare providers and others that handle protected health information will also need to conduct the required incident risk assessment to decide whether breach response and notification are required.

Fighting the Ransomware Mob

The gangster Al Capone once said, “A crook is a crook, and there’s something healthy about his frankness in the matter.” Ransomware attackers are evolving their tools and their business models fast, from ever more efficient malware to ransomware for hire and “customer service” capabilities that help victims unfamiliar with digital currencies to make payments. The crooks are smart and agile, but in the end, they are just crooks. A concerted effort by security experts, law enforcement, and informed, prepared organizations will eventually stem the tide of ransomware. In the meantime, knowledge is your best defense, so in the rest of this series, we’ll look at different types of ransomware, where it comes from, how it works, and how you can fight it.

About IDX

We're your proven partner in digital privacy protection with our evolving suite of privacy and identity products.