How to Respond to and Protect Your Business from Ransomware

The incidents of ransomware in Canada are rising at an alarming rate. In 2015, Canadians were affected by 1,600 ransomware attacks a day. By September 2016, the number of attacks nearly doubled, and those are only the known cases. Unfortunately, many incidents still go unreported. Businesses of all sizes have become targets of ransomware, as it can infect not only personal computers, but also entire networks and servers.

What is Ransomware?

Ransomware is malicious software that infects a computer and denies access to the system or data, and demands a sum of money to restore the information. Presently, the most common forms of ransomware will encrypt data.

Victims often receive an onscreen alert stating their files have been encrypted or a similar message, depending on the type of ransomware. The message on the lock screen may even claim to come from the federal government, accusing the user of violating a law and demanding a fine.

Organizations are then prompted to pay a ransom to unlock their computer systems or gain access to critical documents. Typically, the hackers behind the ransomware demand bitcoin—a type of digital currency that is difficult for police to trace.

How Ransomware Can Spread

There are different ways that ransomware can spread, including the following:

  • Visiting fake or unsafe websites
  • Opening emails or email attachments from unknown sources
  • Clicking on suspicious links in emails or on social media

How to Respond

Some operating systems provide instructions for responding to lock-screen ransomware, although results aren’t guaranteed. In contrast, encryption ransomware has no quick fix without an encryption key, which only the hackers typically have access to.

Regardless of the type of ransomware, experts recommend against paying the ransom. After all, there is no guarantee that you will regain access to your computer, network or files after you pay. Furthermore, by paying the ransom, you could be encouraging future cyber crimes.

If your business is affected by ransomware, take the following steps:

  • Do not do anything further on your computer systems. If possible, consult your IT department or an IT professional for assistance.
  • Immediately contact the Canadian Cyber Incident Response Centre (CCIRC) to report the incident. The CCIRC can assist your business to mitigate further damage.
  • Open a criminal investigation into the matter by reporting the incident to your local police force or jurisdiction, and inform the CCIRC that you have done so.
  • Report the incident to the Canadian Anti-fraud Centre.
  • Contact your insurance broker to discuss next steps from an insurance perspective.

What to Do if You’ve Already Paid the Ransom

Since business can come to a halt without access to essential data, business owners are often tempted to pay the ransom in order to quickly regain access. If you’ve paid the ransom, contact your bank and call the authorities as soon as possible. Credit card companies may be able to block the transaction and refund you if you contact them promptly.

How to Protect Your Business

Cyber extortion from ransomware is a legitimate threat to all businesses—no matter the size. The best method of prevention is to keep confidential information and important files securely backed up in a remote location that is not connected to your main network.

In addition to backing up your files, taking the following prevention measures can help keep your information secure and prevent you from becoming a victim of cyber attacks:

  • Teach your employees about ransomware and the importance of preventing it.
  • Instruct employees never to click on links or open attachments in emails sent by a party they do not know.
  • Show your employees how to detect suspicious emails and attachments. For example, tell them to watch for bad spelling or unusual symbols in email addresses.
  • Develop a protocol for reporting incidents of ransomware and other suspicious cyber activity.
  • Develop a schedule for regularly backing up sensitive business files.
  • Update your company software as soon as new updates are released. In doing so, you can patch the security vulnerabilities that cyber criminals rely on, and avoid becoming an easy target.
  • Purchase cyber liability insurance that not only helps you respond to threats, but can also help cover the cost of the ransom and any other losses incurred as a result of cyber extortion.

Don’t let ransomware—or any type of cyber exposure—threaten your business. Contact your insurance broker to ensure you have the proper coverage and the tools necessary to protect against losses from cyber attacks.

© Zywave, Inc. All rights reserved

1 in 4 Internet Users Don’t Know How to Respond to a Ransomware Attack

The 2017 Centre for International Governance Innovation (CIGI)-Ipsos Global Study on Internet Security and Trust, which surveyed 24,255 users across multiple countries, recently found that 1 in 4 internet users would have no idea how to respond to a ransomware attack. In addition, the study found that just 16 per cent of users would know how to retrieve data from a backup while another 13 per cent wouldn’t even attempt to recover data if vital information was compromised.

This survey comes on the heels of the recent WannaCry ransomware attacks, which impacted over 200,000 users in at least 150 countries. Initial reports indicated that the WannaCry attack used ransomware to hijack computer systems and demand money in the form of bitcoin, a type of digital payment system.

The ransomware initially requested around $300 and, if no payment was made, it threatened to double the amount after three days and delete files within seven days. This type of cyber attack is common and can impact businesses of any size, so it’s important to know what steps to take in order to protect your business.

The WannaCry attacks illustrate the importance of ensuring that any and all software patches are up to date. For further protection, consider training every employee on cyber security, and instruct them to never click on suspicious emails or attachments.

Other ransomware precautions include the following:

  • Update your network if you haven’t yet and implement the appropriate software patches.
  • Turn on auto-updaters, if available.
  • Don’t click on links that you don’t recognize.
  • Don’t download files from people you don’t know.
  • Back up your documents regularly.

Following this attack, organizations are likely to be more proactive in adjusting security measures so malware can’t spread automatically. Taking these precautions into mind, your organization can avoid potentially costly ransomware attacks. As an added benefit, a higher focus on in-network security measures can make your organization more attractive to potential customers and other third parties.

© Zywave, Inc. All rights reserved

Canada Ranks Poorly in Lost Revenue and Continuity After Ransomware Attacks

Skull and crossbones on binary code with message of infection. Eps10. RGB. Global colorsRansomware is a type of malicious software that is specifically designed to block systems or files until a victim—typically a company or high-ranking professional—has paid a sum of money to regain access. These types of attacks can be costly, sometimes averaging up to $50,000.

According to the recent report, the State of Ransomware, by malware remediation company Malwarebytes, Canadian businesses were among those most likely to pay ransomware demands. Additionally, the report, which examined 5,400 IT staff across Canada, the United States, the United Kingdom and Germany, showed that Canadian businesses ranked among the highest for lost revenue and business interruption following an attack.

In total, around 75 per cent of Canadian businesses admitted that they would pay an attacker to regain access to key systems and functionality. Other interesting findings from the report included the following:

  • Ransomware can impact more than the original infected system or file. In the report, Canada ranked the highest for ransomware penetration, as close to half of attacks affected 26 per cent or more of a company’s extended network.
  • Executives and senior-level staff are typically the targets of ransomware schemes.
  • On average, ransomware attacks in Canada were twice as expensive as those in the United States.
  • Business applications were found to be the most common vulnerability to ransomware in Canada. While email attacks are common in other countries, Canada’s strict anti-spam laws could be contributing to the lower number of email attacks.
  • Despite Canada ranking poorly in terms of business interruption and overall cost as it relates to the impact of ransomware attacks, 51 per cent of surveyed businesses claimed they were confident in their ability to stop an attack.
  • Health care and financial services were found to be the most common industry targets for ransomware attacks.

Ransomware attacks are a serious concern—one that continues to impact Canadian businesses. In the past year alone, more than one-third of security attacks in Canada were ransomware-related. To protect themselves from this ongoing threat, organizations should consider having a risk assessment done to determine and remediate potentially vulnerabilities.

© Zywave, Inc. All rights reserved