Are your clients prepared for a ransomware attack?
The Background
Imagine this scenario…you are a police detective. Early one morning you attempt to access your department’s database as you are working on a very important investigation. When you log in to your computer, you are greeted with a gut-wrenching message: “Your files have been encrypted. Make a Bitcoin payment to unlock your files”. This is the start of a very bad day…and it is not fiction.
Police in Cockrell Hill, Texas admitted on January 26th that their department IT systems had been infected with ransomware. The attack essentially locked them out of eight years of data, including critical case evidence, body cam videos, and various department documents dating back to 2009. The ransomware, most likely the “Locky” virus, is believed to have infected the department’s computer system when an officer opened a spam message from a cloned (spoofed) email address that was very similar to that of the official department email address. The bad guys asked for a $4,000 ransom to unlock the encrypted files.
The Outcome
After consulting with the FBI, police department officials decided not to pay the ransom. Instead, they opted to delete all encrypted files from the infected computer and attempt to restore the files from backup sources. Their strategy did not work. The back-up failed, and as a result, the department lost tons of critical data.
It’s Getting Ugly Out There
Ransomware attacks are increasing at a dramatic pace, and organizations are becoming more vulnerable as new and more sophisticated ransomware is being developed by organized criminals. Beyond that, security software and other protection practices are often ineffective since the preferred ransomware delivery method is the old reliable phishing email. Studies show that a large percentage of employees will continue to open these highly convincing messages.
The Takeaways
You really need to make sure your clients are prepared for these attacks. Here are a few quick pointers:
1.) Back-Up Critical Data. Yes, this sounds like a no-brainer. Companies often discover, when it’s too late, that the backup systems they thought were in place were not complete, or worse, that the back-ups were infected by the ransomware virus. Check your back-ups, create redundant systems, and test them.
2.) Security Awareness. Train your employees on the dangers of phishing. Test them.
3.) To Bitcoin or not to Bitcoin…that is the question. Law enforcement will always advise against paying Bitcoin ransoms, as these payments are used to fund future attacks. It’s similar to paying ransom to terrorists. While this is an understandable argument, will you and your board of directors be willing to face the fall-out of losing millions of critical records? This is a discussion your clients must have in advance of a ransomware attack, rather than in the heat of the battle. Have a plan and a solid IR team in place.