One of the least understood cyber threats to businesses is ransomware, which hackers use to shut down an organization’s computer system until the victim pays a ransom to unlock it.
While most organizations focus on the cost of the ransom, which is typically less than $1,000, the costlier damage is to the company’s operations, which can be hampered or completely shut down after their systems are rendered unusable.
Ransomware is one of the fastest-growing cyber threats and attacks are expected to grow 300% in 2016 from the year prior, making it vital for your organization to have in place systems to reduce the chances of becoming victimized.
Ransomware typically enters a company’s systems after an employee clicks on a link in a rogue e-mail, which allows the malicious code to infect the company’s systems and eventually shut them down, locking out all users and making all or some of the data inaccessible. After it has frozen the systems, it will demand a ransom to unlock it.
According to a recent survey by Hiscox, the bulk of ransomware attacks lead to business interruption losses:
- Corporate loss of business income or services: 36%
- Corporate loss of digital assets: 16%
- Corporate loss of financial assets: 3%
- Breach of personally identifiable information: 25%
- Breach of personal financial identity: 17%
- Breach of personal health information: 3%
But, experts believe that a significant portion of ransomware attacks go unreported, making it difficult to get a grasp on the full effects.
And while most states have laws requiring organizations to report privacy breaches, that’s not true for ransomware attacks.
The full damage
According to the FBI, there were 2,400 ransomware complaints in 2015, resulting in total estimated losses of more than $24 million with the average ransom demand being $10,000. But when smaller companies are targeted, the ransom can sometimes be as low as $500 to $1,000.
The ransom is usually the smallest cost to a company, as most businesses also have to contend with:
- The cost of lost productivity
- Lost profits
- Harm to business reputation
- The cost of reconstructing data
Ransomware typically targets your most important data, but sometimes it just makes your entire system unusable. It may also lock down your marketing materials, payroll data, intellectual property, financial transactions and health records.
Some companies try to beat the hackers by hiring outside professionals to decrypt all of the information that the ransomware perpetrators have frozen.
But that’s a risky proposition because it often leads to incomplete data recovery. Full recovery is usually only possible with the decryption key.
Ransomware criminals who are not paid will often destroy the key, leaving affected companies in a more serious bind.
If you’re lucky, a ransomware attack may only be confined to one server or computer. But if it hits the right servers, it can spread throughout your organization to all users and, if you are connected with vendors or partners, it can even spread to their systems.
There are a number of tactics that ransomware criminals use, such as:
- Holding the data hostage
- Threatening to disclose confidential or proprietary information
- Threatening to sell or auction confidential or proprietary information
CFO magazine recommends that you do the following to reduce the risk of being hit by ransomware:
- Train and educate personnel on an ongoing basis.
- Specifically address and plan for ransomware in your disaster recovery and business continuity plans, including testing of those plans.
- Ensure that all anti-virus and other security software is properly updated. This software will detect and eliminate many forms of ransomware.
- Engage a third-party expert security vendor to assess your organization’s systems and procedures.
If you suffer a ransomware attack, you should:
- Identify and isolate infected and potentially infected systems.
- Disable shared network drives connected to the infected systems.
- Consider suspending regular backups of those systems to prevent the virus from spreading further.
- Engage an information security consulting firm that specializes in assessing and mitigating these sorts of attacks.
- Send out a memo to all your staff warning them of the infiltration and to not open e-mail and attachments from suspicious sources.
Cyber insurance can help pay for the effects of a ransomware attack. Depending on the insurer, some policies will pay the ransom, while others expressly exclude it, citing the “moral hazard” of such coverage.
If you are concerned about the damage a ransomware attack could inflict on your organization, call us to discuss your cyber insurance options.