It’s a nightmare scenario.
Your business thrives online, and that’s where it can be most at risk – from a nameless party that can seize control of your network, holding your data hostage.
We’re talking about ransomware. It’s one of the biggest security problems on the internet and one of the most dangerous forms of cybercrime. It leaves victims with few choices – either you regain access to your network by paying a ransom to criminals, or you gamble on restoring the system while hoping you can decrypt the data the malware now holds captive.
Unfortunately, no industry, business segment or even government entity is immune to this form of attack. Fraudsters indiscriminately choose their targets, mostly based on known vulnerabilities, and embed their code into system servers or PCs.
The code is typically delivered through a hyperlink in a website, a link or attachment in an email, or a compromised portable storage device.
The malicious code then attacks the directory networks containing your files and data, rendering them inaccessible and useless unless the ransom is paid.
It’s not a 21st century phenomenon.
While activity has surged recently, the first known instance of ransomware occurred in 1989 with what was dubbed the PC Cyborg Trojan, forcing the infected client to pay a $189 ransom, sent by cashier’s check or money order, to a post office box in Panama.
Today, ransoms have increased exponentially in price, and most use untraceable digital currency or prepaid cash gift cards for settlement. Once the ransom is paid, the fraudster promises to provide the victim with a decryption key to access the stolen files – and then walk away.
Whether you choose to pay or ignore the ransom, your information will more than likely be handed off to the dark web for other illicit purposes.
Kenneth Valentine retired as a special agent of the U.S. Secret Service. He then brought his expertise to Regions Bank, where his insights help protect customers.
“The fact is there’s a criminal element out there exploiting the vulnerable through ransomware attacks,” said Valentine, a Corporate Security senior director for the bank. “What keeps me awake at night is the lack of cyber hygiene and routine maintenance that would thwart nearly all ransomware attacks. These lapses in prevention can be easily resolved.”
Valentine points to the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency’s recommendations to protect users from ransomware:
- Update software with the latest patches. Outdated applications and operating systems are the target of most attacks.
- Never click on links or open attachments in unsolicited emails.
- Back up data on a regular basis. Keep it on a separate device and store offline.
- Follow safe practices when browsing the Internet.
According to the cybersecurity firm Recorded Future, more than 100 state and local governments, including school districts, were victimized by ransomware in 2019 alone. In a single event, 22 towns in Texas were attacked at the same time.
Attackers can be lone wolves looking to create disruption or criminal enterprises looking to steal money and data.
To be prepared, authorities advise, businesses, governments and local organizations need to be proactive by creating an effective cybersecurity program, constantly monitoring the IT environment, and preparing for the worst-case scenario – wargaming, if you will.
The cost of failing to prepare can be astronomical. A town in New England received a ransom demand of $5.6 million to restore its system.
In addition to the immediate cost of the ransom demand, the ancillary costs of repairing files and restoring reputation can be staggering.
The Cybersecurity & Infrastructure Security Agency recommends organizations employ the following best practices:
- Restrict users’ permissions to install and run software applications, and apply the principle of least privilege to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
- Use application whitelisting to allow only approved programs to run on a network.
- Enable strong spam filters to prevent phishing emails from reaching end users, and authenticate inbound email to prevent email spoofing.
- Scan all incoming and outgoing emails to detect threats and keep malicious files from reaching end users.
- Configure firewalls to block access to known malicious IP addresses.
So, what happens if your business is compromised? Valentine said a good response is to follow these suggestions from the Federal Trade Commission:
- Limit the damage by immediately disconnecting the infected computers or devices from your network.
- Report the attack to your local FBI office, and file a complaint with the bureau’s Internet Crime Complaint Center.
- Keep in mind: Law enforcement does not recommend paying the ransom. It’s up to the victim to determine if the risks and costs are worth paying.
The information presented is general in nature and should not be considered legal, accounting or tax advice. Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/stopfraud, or speak with your banker for further information on how you can help prevent fraud.