Headline: RansomWhere??

Date: 7/5/21

Body: This one’s going to be a little different. Usually we cover a financial topic, and this one might not be exactly financial, but a financial risk is certainly involved. Over the past few months, I have read many articles about ransomware attacks, and I think it’s a severe enough threat to be dealt with in blog form. Warning: I am in NO way an IT professional, but I think a little basic information could be of use here, and this basic information could certainly save you or your entity serious money.

What is ransomware?

The thing to know about ransomware is that it is a moving target. In basic terms, it locks up an entity’s IT system so that it cannot be used. It does so by encrypting the files using a key that only the ransomware creator has. Often, the only way to regain access is to pay a sum of money (usually in untraceable Bitcoin) to the creator, who will then supply the password. Examples in the popular press are legion, and the problem is likely much larger than reported because many entities are worried about reputational damage. Recently, the DC Police department had to deal with this problem when a bad actor stripped some data of potential police violence, and they were threatened with wide distribution of this footage. More than once, the targets have included hospitals. Without doubt, this can be life-endangering and must be dealt with.

The gangs that do this work are sophisticated

These are often gangs of professionally trained computer programmers, and not juveniles who are barely making rent payments on their childhood bedroom at Mom’s house. They will often look at data they have swept up before making a demand, to uncover just how much money they can charge (and hopefully get) from the victim entity. Second, these people know how people think and will often launch their attacks just prior to a holiday weekend so that the threat of detection of their intrusion is lower. Finally, some of these gangs write software for use by others, for the purpose of perpetrating ransomware attacks; this is referred to as “ransomware as a service,” and it seems to be the crime “wave of the future.”

What can be done to prevent an attack?

A good source for information on this is CISA, a Federal agency. CISA (and no, I had never heard of them either) stands for “Cybersecurity and Infrastructure Security Agency.” They list a variety of things that can be done to make ransomware attacks less likely. But, please note, this makes them less probable, not impossible.

| Recommendation | Comment |
| --- | --- |
| Update software and operating systems with the latest patches. | Patches are small sections of code that are issued by software vendors after a vulnerability has been found. |
| Never open links or attachments in e-mails received where you don’t know the sender. | Opening e-mails is usually a fairly safe activity. The problem is when links are clicked or attachments are opened. This can send you to a disreputable site or give permissions to an unknown system to add data to your system. |
| Back up data on a regular basis. | For my own business, I back up to an external hard drive every month. So, if something untoward happens, I only lose a little. Another option is to have a Dropbox account or something similar. |
| Restrict users’ permissions to install software applications. | Only your IT administrator should have rights to do this work. If anybody can install software, you do not know the source of the product, and malware of all types can infect your system. |

To the best of my research, there are any number of products for sale to use against malware in general and ransomware in particular.  But they all seem to boil down to buyer (of data) beware.

If an Ounce of Prevention is worth a Pound of Cure… An ounce of Detection is worth at least half a pound of Cure…

How do you know if your computer is infected? Here are some ways to detect a ransomware attack:

| Detective Protection | Comment |
| --- | --- |
| Anti-virus scanning programs can sometimes detect ransomware, and send you an alert. | Some ransomware is specifically engineered to avoid these scans. |
| Be aware of the file extensions on attachments. | You might want to start a firm policy that only attachments with a .pdf or .doc extension can be downloaded from e-mail applications. |
| Increased CPU activity. | If the program being used is small, the CPU activity required should also be minimal. For instance, I am writing this on Word, a local program. So, if opening it took a long time, there could be malware or ransomware lurking on the network and slowing down the processing. |
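
One way to enforce the “.pdf or .doc only” attachment policy from the table above in a mail filter, as an added example (not part of the original post and not code from CISA or any vendor). It goes one step beyond the policy by also checking that a file’s first bytes match its extension; the function names and the sample message are made up for illustration.

```python
import unicodedata
from email.message import EmailMessage
from pathlib import PurePosixPath

# Policy from the post: only .pdf and .doc attachments. Each maps to the
# leading "magic" bytes that a genuine file of that type starts with.
ALLOWED = {".pdf": b"%PDF-", ".doc": bytes.fromhex("d0cf11e0a1b11ae1")}


def check_attachment(filename, payload):
    """Return (allowed, reason) for one attachment."""
    if not filename:
        return False, "attachment has no file name"
    # Invisible formatting characters (such as right-to-left override)
    # can make a name display differently from what it really is.
    if any(unicodedata.category(c) in ("Cc", "Cf") for c in filename):
        return False, "hidden control character in file name"
    # Windows ignores trailing dots and spaces, so drop them before judging.
    name = filename.strip().rstrip(". ").lower()
    ext = PurePosixPath(name).suffix  # last extension only: a.pdf.exe -> .exe
    if ext not in ALLOWED:
        return False, f"extension {ext or '(none)'} is not on the allowlist"
    if not payload.startswith(ALLOWED[ext]):
        return False, f"content does not look like a real {ext} file"
    return True, "ok"


def screen_message(msg):
    """Check every attachment of a parsed e-mail; return {name: (ok, reason)}."""
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename()
        data = part.get_payload(decode=True) or b""
        results[name or "(unnamed)"] = check_attachment(name, data)
    return results


def build_sample():
    """Constructed sample message (not a real e-mail) with three attachments."""
    msg = EmailMessage()
    msg.set_content("Please see attached.")
    samples = {
        "report.PDF": b"%PDF-1.7 constructed",   # genuine-looking PDF
        "invoice.pdf.exe": b"MZ constructed",    # real extension is .exe
        "statement.pdf": b"MZ constructed",      # named .pdf, content is not
    }
    for name, data in samples.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg
```

Calling `screen_message(build_sample())` lets through only `report.PDF`; the other two are rejected with the reason attached, which is what you would log or show to the user.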

Just like a disease in your body, the sooner you discover it, the better. Skin cancer is a serious and threatening condition, so to prevent it, look for “freckles” on your skin to change in shape or size. If you see this happen, consult your doctor immediately because it is most treatable if caught in the early stages. A similar logic can be applied to the information technology assets of your organization.

What if I am attacked?

If you are attacked, it is generally not recommended that you pay the ransom demanded because there is no guarantee that the bad actor will supply the decryption code promised.

  1. Limit the damage by separating the potentially infected machine from your network (both physically and logically).
  2. Contact the authorities immediately. The FBI takes this kind of crime VERY seriously.
  3. Restore the most recent backup data that you know is clean.
  4. Notify your clients, vendors and personnel.

Verdict

Just like a disease in our physical bodies, ransomware can be scary.  It was not clear to me how much threat there was until I realized that there were now insurance products to insure organizations from this threat.  But, regardless of how serious this threat CAN be, simple policy changes and building awareness in your personnel can go a long way in protecting yourself and your clients.

 REFERENCES

https://www.cisa.gov/ransomware

https://www.npr.org/2021/07/05/1013117515/scale-details-of-massive-kaseya-ransomware-attack-emerge

https://www.kaspersky.com/resource-center/preemptive-safety/ransomware-removal

https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity/ransomware

Editor’s Note: Please note that the information contained herein is meant only for general education: This should not be construed as Tax Advice.   Personal attributes could make a material difference in the advice given, so, before taking action, please consult your tax advisor or CPA.
