Across the cybersecurity landscape, security professionals are predicting an increase in ransomware attacks against businesses of all sizes, following an escalation in the second half of 2020. According to security firm Check Point, the daily average number of ransomware attacks in Q3 2020 increased 50% compared with the previous six months. And where a threat to businesses exists, you’ll find a similar threat to individuals: having their computers hijacked and held for ransom.
Knowing there will be more ransomware attacks gives you an opportunity to prepare yourself for both primary and secondary attacks. Here’s what I mean by that: A primary attack would be against your own computer, in which a piece of malware is successfully planted on your device. Your computer becomes inoperable and you receive a message on the screen that your computer will not be released until you pay a specified amount of money, typically in bitcoin rather than dollars because the virtual currency is untraceable. There will likely be a deadline for payment, and if you don’t pay, your files will be destroyed and you will never regain control of your computer.
A corporate attack works in a similar way, but the company has far more at stake: its customers’ sensitive data and its reputation. Further, the bigger the company, the higher the ransom is likely to be.
Law enforcement agencies are united in their advice to victims: don’t pay. They say paying the ransom won’t guarantee you get your data back and you’re only funding future attacks. I would add that you may never be sure that the criminals won’t access your system again. However, people panic and may opt to pay in the hopes that they can save their files. It may seem more important at the time to minimize the disruption to work and pay a few hundred bucks than to shut down the computer or network, secure it, access backups and restart. While businesses and public institutions have many more people involved in deciding how to respond to an attack, they may still decide to pay.
In July, the University of Utah fell prey to a ransomware scheme and ultimately paid a ransom of $457,059.24. According to the university’s official statement: “After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker. This was done as a proactive and preventive step to ensure information was not released on the internet.”
Preparing for secondary attacks means thinking about what you will do if a key service that you use is brought down by a ransomware attack. This could be as mild as the Barnes & Noble attack last summer that interrupted Nook e-reader service for a few hours, or as serious as an attack on a California hospital that locked patient data for 10 days.
Preparation is simple: Think “what if” and then make a backup plan. Start with your computer. Back up all of your files onto a thumb drive. The essential point here is that you can put your hands on the storage device without using your computer, so cloud backup doesn’t qualify. Make a list of the programs you access and your account credentials so you can quickly replace them. Be prepared to reset your computer to the factory settings, and for the worst case, put aside some money for a replacement. Make copies of medical records, insurance policies, prescriptions and any other data that’s important to you and accessed online. Ask your health care providers and other professionals about their backup systems in case of this type of attack.
For secondary interruptions to companies or services you have come to rely on, think about how you will respond. In most cases, the only course of action is to wait until the service comes back up. If you are alerted to an attack, change your password immediately and begin monitoring your bank accounts if they are in any way tied to the victim company. Oftentimes, companies don’t report a security incident right away, so be on the lookout for any unusual activity. If you can’t log in to a service, check to see if it’s down for everyone by visiting a site like isitdownorjustme.com and typing in the URL. If it’s down, change your password.
Prevention is even easier. Even the most sophisticated ransomware attacks are usually the result of phishing emails. Do not open emails from people you don’t know, and never download an attachment whether you know the sender or not. A good alternative to attachments is sharing documents with authorized colleagues and people you know through an online service such as Microsoft’s OneDrive or Google Drive.