Beware, Ransomware Can Hold a Company Hostage

YOUNGSTOWN, Ohio — A business owner’s worse nightmare can start with something as seemingly innocuous as an email. Clicking on what seems the right link – disguised as an internal communication from someone inside your company – can lead to your organization losing control of its entire network.

This is merely one of the increasingly dangerous digital attacks companies face, say cybersecurity experts. As hackers employ more sophisticated techniques, businesses must fully understand how they’re at risk and take steps to secure their data.

In early January, the Los Angeles Community College District paid $28,000 in ransom after hackers seized control of its computer network and campus email system.

Security experts determined that hackers employed a malware attack, popularly known as “ransomware,” to hold the district’s network hostage.

Lloyd’s of London estimates that cyberattacks such as that launched against the community college cost businesses at least $400 billion a year.

Malware attacks install software on the target’s computer that can access its files and monitor its activities. Ransomware blocks access to the owner’s files until it pays a ransom to the hackers.

A 2016 study by the Ponemon Institute, an independent research group that focuses on data information and information security policy, called ransomware “a growing problem security professionals need to address.”

“Ransomware purveyors are getting very crafty,” says Mark Richmond, president of Micro Doctor IT in Warren. “They make it look like you’re clicking on something very legitimate, like a UPS tracking label or an update to your PayPal account.”

“They click on a link and all of a sudden their data is completely encrypted,” says Ralph Blanco, CEO of Executive Computer Management Solutions Inc. (ECMSI) in Struthers. “They have to either pay for it or restore their data.”

“They [hackers] put an encryption on it,” Richmond says, “and nobody can read it, unless they put the key in, and they have the key.”

Hackers usually demand payment in bitcoin, a universal Internet currency that is difficult to trace. Once the ransom is paid, a “key” is sent to the victim, allowing him to “unlock” his files.

According to the FBI, “ransomware attacks are not only proliferating, they’re becoming more sophisticated.”

Hackers often employ a tactic known as “phishing” – random efforts to obtain valuable user information for illegal purposes – by using emails and other communications to induce users to click on a link or a fill out a form they believe a reputable individual or business sent.

More sophisticated phishing schemes, known as “spear phishing,” increasingly target individuals, employees and business owners based on their personal information.

“With spear phishing, they go in and use a little bit of information from your social media profile,” Richmond says. “They can see that you like motorcycles or that you’ve been looking at Ford pickup trucks. So they’ll send you something just like what you were looking at and craft it to make it seem like something you should click on.”

These attacks commonly come through Facebook, he says, where individuals often have a business account connected to their personal account.

“They can even craft emails that look like they’re coming from people in your own company,” Richmond says. “They can change a letter in your company’s web address, prompting you to click on it.”

The likelihood that an employee will fall for such a scam increases with the size of the company, he adds. “If you have hundreds of employees, the chances of one person falling for it are pretty high.”

However, smaller companies are not necessarily safer. The Ponemon Institute study found that smaller firms experience a larger share of cybercrime costs related to “malware, web-based attacks and phishing/social engineering.”

“When it comes to small businesses, data theft and ransomware are the two biggest fights right now,” says Stephen Koscelansky, vice president of Admin Net Tech in Boardman.

“With data theft, they basically pursue the same route as getting the ransomware on the computer,” he says. “It’s mainly phishing attacks or going to bad websites, because browsing habits are not what they should be for most employees.”

Personal and company information can be sold on the black market and the dark web. The dark web, or darknet, is a “hidden” part of the Internet that exists on an encrypted network that is not accessible via traditional browsers or search engines.

Hackers can sell information there via dark markets, where bitcoin is the medium of exchange.

“For every piece of personally identifiable information that is stolen, it costs a small business an average of $38,000,” Koscelansky says.

While no company can completely safeguard itself from cybercrime, employing the proper precautions can help avoid many worst-case scenarios, experts say.

“Most of these attacks are self-induced,” ECMSI’s Blanco says. He emphasizes the importance of training staff to recognize phishing expeditions so they can avoid making the common mistakes hackers profit from.

“No matter what protections you have as a company, a lot of it just involves educating your staff,” he says. Something as simple as training employees to hover over links so they properly identify them can save a business from a malware attack.

Companies should ensure they are properly installing security updates for Microsoft Word, Adobe, Java and other applications, he says, as well as regular anti-virus updates.

“Patching of Microsoft Windows software is very important,” Richmond agrees.

Companies that fail to take advantage of software patches leave themselves vulnerable to hackers and malware. The FBI recommends that users patch software and firmware regularly to deter ransomware attacks.

Local and remote backups are “critical for protecting your data,” Blanco says, but many businesses fail to check if they’re consistently working properly.

“A lot of times companies don’t even know if they’re backing up,” he says. “They’ve put a backup in place, and they assume it’s working. Until they go to use it.”

“Make sure your files are not only backed up, but backed up with revisions,” Richmond says. “That means if I get encrypted today, I can go back to yesterday’s files, because I have a revision of the backup that’s being written over every time I back up.”

Other basic approaches are available to business to secure their networks.

“We always recommend a layered approach, with a business-class firewall protecting them from internet intrusions that way,” Richmond says. “They can even be set to block ransomware requests.”

Koscelansky suggests that small businesses hire a managed-services provider to oversee their cyber security needs and training.

“Not every small business can have a CIO [chief information officer] available – someone to take care of their information and their technology, make sure its running right. And that also comes with making sure that users are properly trained,” he says. “A managed services provider outsources that CIO’s job.”

“Let us focus on your IT needs. You just focus on growing your business. That’s what most business owners want to hear,” Blanco says.

Copyright 2022 The Business Journal, Youngstown, Ohio.