
A Day in the Life of a Ransomware Victim

What is Ransomware?

Ransomware is a method that cybercriminals use to extort money from businesses. It is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or network. It is typically spread when someone clicks a link in a phishing email, online forum, or social media post. Once downloaded, it starts infecting your system, and once it has reached all intended files, systems, and networks, it encrypts all of the data, essentially holding your business hostage until a ransom is paid. Ransomware has been around for decades but did not take off until the introduction of cryptocurrency.

Prior to cryptocurrency, criminals had to create ways to extort money that could not link the attack back to them. A common way was through Apple iTunes gift cards, which they would then resell. Cryptocurrency provides an untraceable transaction through which they can now exact the ransom. There is no banking system to reverse or recover the ransom.

Cybercriminals have become much more sophisticated with their attempts as well. It is common for a target to be extensively profiled prior to the attack. By gaining information on the target's patterns, connections, and communications, a spear-phishing attempt can be made where the infected content is sent in disguise to the target with a much higher chance of success. 

Real-world scenarios

Ransomware Victim #1

A large company in Salinas, CA was recently hit with ransomware. It is believed an employee must have clicked a link, and over the weekend all company computers (approximately 200 desktops) and systems were infected and encrypted. This system-wide attack prevented any and all access to the computer network and files.

Let’s break down what happened:

They did not have the right tools to detect threats and protect their network, nor did they have the right processes in place for a reactive strategy. Once the IT department became aware of the attack, they immediately shut things down. This is not the best first step.

The ransom was for $2 million in Bitcoin or another form of cryptocurrency like Ethereum. They called their insurance company, which instructed them not to pay the ransom. They were also told to wipe out all systems and reinstall everything. Basically, start from scratch.

Their systems have been down for 3 weeks since the attack, impacting over 120 office workers, and they are just starting to recover some of those systems.

They cannot send invoices, collect payments, or do payroll. The company’s leadership and the accounting department are working 24/7 to cut paper checks. 

Unfortunately, they had the financial wherewithal to prepare for this type of attack but did not take the necessary steps.

Ransomware Victim #2

This unnamed company had cyber insurance but elected to forgo ransomware coverage. They did detect the malware before it had affected all systems, servers, and networks. However, two weeks later they are still not back up and running at full capacity.

“Most up in 10 days. Not filing. Suffer 200-300k in losses. Couldn't sell things. Unless you've been hit you can't really comprehend how debilitating it is”

Imagine you get hit on the weekend before invoices are to be sent out. Would your business survive? Do you have enough cash flow and lines of credit?

You can't go back to paper anymore. If you can't function, you are going to lose customers. They will go elsewhere, and your company will suffer reputational damages. 

When a company gets hit once, they are four times as likely to get hit again. When a customer is hit two times, they are 100% likely to get hit again.

How? Hackers hide a payload deep within the network and six to twelve months later, once the company is back up and running, they will launch another virus. Oftentimes they sell the information to the highest bidder and move on to the next.

What’s all the fuss?

Just asking people to do the right stuff is not working. Proper cybersecurity is an investment and an ongoing process to maintain. The cyber landscape changes all the time, daily in fact, so processes and procedures need to be in place to properly secure and maintain the cybersecurity posture.

Cybercrime is growing exponentially. The growth of ransomware is just an example. Cybercriminals are getting more and more sophisticated. It is no longer a question of if you will be a victim of cybercrime, but when. Companies need to make cybersecurity a priority.

For more information on how to properly protect your business from ransomware, contact CyberNINES today.