An early October 2019 public service announcement from the Federal Bureau of Investigation (FBI) warns that ransomware attacks on computers are becoming more sophisticated.
Ransomware is a type of malware that makes data on a computer or server inaccessible, usually by encrypting it. The cyberthief then demands a ransom in cryptocurrency in exchange for a decryption key.
"Ransomware attacks affect organizations of all types and sizes, but recently cyberthieves have focused on hospitals and city governments where disruptions cause significant issues. That makes the chance of receiving ransom money more likely," says Corey Nachreiner, CTO of WatchGuard Technologies, a network security and intelligence company.
Who Are the Likely Targets of Ransomware?
Small and medium-sized businesses are also often targeted by ransomware, adds Zohar Pinhasi, CEO of Monster Cloud, a cybersecurity firm that specializes in ransomware recovery.
"We found that small businesses were victims of about half of all ransomware attacks in 2018," says Pinhasi. "Reasons for this include having outdated security components such as firewall and anti-virus software and outdated operating systems."
According to Pinhasi, ransomware attackers prefer smaller businesses over large ones.
"Such companies are low-hanging fruit," he says. "The cyberthieves can infiltrate rather easily and get a decent payout—somewhere in the range of $100,000 to $300,000. Small businesses can't afford the downtime and will pay the ransom, and hackers know that."
Murray Seward, CEO of Outback Team Building & Training, had a brush with ransomware years ago. Now he and his employees spend a great deal of time avoiding more attacks.
"Back then, one of our junior team members opened an email attachment disguised as a legitimate business file," says Seward. "Today, our email system is far better protected against ransomware.
"However," he continues, "emails from fraudsters pretending to be me still get through. This has resulted in my team members not even responding to legitimate requests I send them via email."
Ransomware Detrimental to Business
"A ransomware attack can destroy a business by disrupting cashflow, putting the business website offline, halting CRM access, taking down phone systems and making accounting systems inoperable—all simultaneously," says Colin Bastable, CEO of Lucy Security, a cybersecurity company.
"Even if the business recovers its data, the commercial damage from lost business and degraded customer relationships is considerable and long-lasting," says Bastable.
In addition to putting a financial strain on businesses and jeopardizing their solvency, ransomware is stressful for everyone involved, adds Pinhasi.
"Most estimates of damages caused by ransomware don't include the pressure on business owners, employees and even customers, if their information gets caught up in the attack," he says.
Should You Pay the Ransom?
Opinions vary on whether you should pay the ransom in the hope of getting a decryption code to retrieve your company data.
"Allegedly, around two-thirds of companies try to pay ransomware demands," says Vladimir Antonovich, COO of Elinext, a custom software development and IT-consulting business.
"Quite a few people will come to us after an attack and ask what they should do," says Antonovich. "I tell them that you don't want to end up paying, because there's no guarantee that the criminals behind these attacks are going to make good on their promises and return data."
At times, you may find it necessary to pay the ransom, adds J. Eduardo Campos, president and managing partner of Embedded-Knowledge, a business consultancy.
"I disagree with rewarding criminals for their extortion procedure," he says, "but it's a decision management has to make based on potential costs, damages to reputation and legal requirements."
Ransom Payment Sometimes Effective
Cindy Murphy is president of Gillware Digital Forensics and a retired law enforcement detective with more than 20 years' experience in cybercrime investigations and digital forensics.
"On one hand, it feels wrong to negotiate with cybercriminals and give them what they want," says Murphy. "On the other hand, the looming financial hit and business interruption are typically far more detrimental than the payoff amount. If business owners don't engage with the ransomers, they face the prospect that they and their employees may lose their livelihoods."
Though there is a chance that you could pay and not get a decryption key to restore your data, Murphy says that negotiating with cybercriminals is more feasible (and successful) than many believe.
"We negotiate several ransomware and cyberattacks weekly," she says. "One of the largest misconceptions about cybercrime negotiation is that the attackers will take your money and disappear without returning the compromised data or remedying the issue. We find that isn't the case. There is almost always an opportunity to negotiate for a lower ransom sum, as well."
That said, Murphy doesn't recommend that victims of ransomware communicate directly with the attackers without the guidance of legal counsel, a cybersecurity insurance provider or a digital forensics expert.
If you have backups that aren't connected to your computer or its network (like a standalone hard drive), you may not have to pay the ransom, adds Chelsea Brown, CEO and founder of Digital Mom Talk, a cybersecurity consultancy.
"If there is anything on your computer and network that you haven't backed up and can't afford to lose, pay the ransom," she says.
How to Prevent a Ransomware Attack
Since ransomware is so expensive and disruptive, your best line of defense is to prevent infection of your computer system in the first place. Consider these anti-ransomware protocols.
1. Train employees to be careful with emails.
"Most ransomware attacks are initiated by phishing emails sent out to hook victims," says Bastable. "The cyberthieves use information they gain online, including social media, to send out convincing spoof emails that, once clicked on, initiate a ransomware attack."
Teach employees to use caution when they post on social media and to look closely at any emails before opening them and clicking on links. If there is any doubt, train employees to not open emails.
2. Use a high-quality spam service.
"Part of the battle is keeping the emails out of the employee's inbox," says Lisa Good, CEO and co-founder of GSG Computers, which offers computer solutions. "A good spam service will ensure that happens."
3. Back up your data.
"When it comes to ransomware in particular, it's vital to have up-to-date backups of your data ready to go in case your system is affected," says Paul Bischoff, privacy advocate with Comparitech, a cybersecurity company.
"Having a backup that you test regularly can prevent you from having to pay the ransom and/or losing all your data," adds Good. "Have a self-contained, offsite copy of your backup in addition to a cloud backup. Having a copy of your data stored offsite locally provides quicker access and a faster recovery. Just make sure it's not attached to your network, so it can't be infected."
4. Install updates.
Applying the latest security patches to your applications and servers is vital.
"Installing updates is one of the best ways to prevent ransomware attacks," says Antonovich.
5. Take a multi-layered approach to ransomware prevention.
"Combating ransomware requires a multi-layer defensive approach, including intrusion prevention services (IPS) to block application exploits and advanced malware detection tools that use machine learning and behavioral detection to identify evasive payloads," says Nachreiner.