Topic: Your data has been kidnapped… now what?

[Pez]

Your data has been kidnapped… now what?

What’s it like to be held hostage? I never want to find out and I’ll bet you don’t either. But given today’s environment executives might find themselves held hostage in a way they never expected. Ransomware, as it is known because it holds your entire computer system hostage, is quickly becoming the hacker’s method of choice because it’s simple, fast and virtually untraceable.

For the most part companies that are victims have little choice (unless they’re properly prepared – more on that later) than to pay the ransom, whatever it is, to alleviate the attack. In fact, up until very recently even the FBI has recommended to victims that they pay up.

Ransomware attacks are different than what most people perceive as a cyberattack. There’s no theft of data or interest in stealing personal identification. Hackers don’t care if your company stores credit card information, medical records, login credentials or Social Security numbers. Instead, ransomware attacks leverage the importance of your business operation and access to your data, or what your computers control, to force you to pay up. And it happens. A lot.

In fact, it’s becoming so ubiquitous that the CyberThreat Alliance estimates that they’ve seen 406,887 instances of just one type of “infection” and that the damage last year alone was $325 million. And that’s a soft number because it doesn’t calculate the damage from lost time, productivity and reputation. $325 million is just what you can put your finger on.

So how does this work and why is it so effective? Simple: An email containing a link, attachment or embedded virus is sent to someone – anyone – in your organization. It might appear to come from the CEO, or from a large bank or credit card company. Using standard “phishing” techniques they’re bound to get at least one sucker to open the attachment and that’s all it takes. Once they open the email and click the link your entire organization could be held hostage for a ransom. What happens is that by clicking the link or downloading the file they’ve installed a piece of nefarious code that hackers will then use to encrypt your entire system with a key that only they have. But maybe not right away.

Imagine that your entire company and everything in it that is connected to the Internet – payment processing, manufacturing machinery, logistics control, physical security systems – essentially everything – grinds to a very loud screeching halt. Because the hackers were patient, they planted the seed for this weeks ago when an email contained a link to a file labeled “Account receipt.doc” or “Financial records.pdf” or some other tempting name. Nothing happened at the time (because the hackers planned it that way) and the code just waited. And waited. And waited some more until you receive a frightening and threatening email telling you that you need to pay up or you’ll lose access to every record your company maintains.

Worse, you’ll be completely locked out of every control, machine, logistics management software, sensor, camera, temperature regulator, voltage regulator and whatever else is on your network.

And your personnel records, inventory information, customer data and everything else that’s stored anywhere on your network? As the old-style thieves used to say, fuhgeddaboudit. You’re toast. And as the clock keeps ticking and the business losses pile up the board of directors and the executives are left with a simple choice: Pay the ransom to get the key to unlock your world or take the high road and refuse to pay but watch your business crumble.

There’s no right choice … but there’s no good choice, either. Ethics and principle demand that you stand your ground and not negotiate with criminals. Reality, however, is that your phone system doesn’t work, your factory is completely shut down, your ledgers, ordering system and everything else is eerily quiet. So you grind your teeth, bang your fist on the desk … and pay.

Or not. Maybe you don’t have to pay because you took the appropriate precautions. They’re relatively simple but the number of companies that don’t follow these simple guidelines would shock you.

• Backup backup backup backup backup. That’s right – do it daily, weekly, monthly, quarterly and annually. Move the backups offline to another, totally separate network with completely different credentials and operations. That’s what cloud systems are great for – use them. Take snapshots of different types of data in different ways. Be absolutely totally obsessively compulsively fanatic about it. And then do it some more. If you have an unencrypted backup and are the victim of a ransomware attack you can laugh at the criminals while you restore a perfectly preserved snapshot of your system from the day, week or month before. It may not be up to the minute but it’ll be enough and you’ll thank yourself for doing it.

• Educate your employees until they’re sick of hearing it. Tell them not to click links, insert USB thumb drives, open emails from anyone not in their address book and a dozen other things that can expose the entire company. Then do it again. And again – until it is seared into their memory to the point where they are all mildly paranoid. In today’s cybercrime world that’s a healthy state of mind.

• Conduct a fire drill. Pick a day – preferably over a weekend or sometime when your normal business will not be heavily impacted and tell your IT department that you just got the worst scareware letter you’ve ever seen or have the IT department call you and tell you that every single aspect of your system is locked up. And then create a checklist of what to do, who is responsible for doing it and what can be done while you are bringing your backup online. Do you need to call customers, put up a message on your web page, make a public announcement or tell your employees? Figure it out now because when this happens you won’t be able to think about anything other than getting your operation restored.

Ransomware is nothing more than an old-fashioned kidnapping. But there isn’t just one person being held hostage, there’s an entire organization, your customers, your employees and, probably most dangerous of all … your reputation. Remember this: It takes years to build up a great reputation and just a moment to destroy it. Don’t let this happen to you. Don’t be a victim. Be diligent. Be prepared. Be cyber aware!


Original article: By Scott Goldman, CSO Magazine on  May 16, 2017