Ransomware, a special type of malware, is in the news a lot today. Ransomware is a way for the bad guys to lock up your systems so you can’t access your data, and then tell you that you can have your data back only if you pay them.
But how do they do this?
It all starts with a breach of some type. Perhaps your employee is looking at their personal email on their work computer and clicks on a link to log in to their bank account. The link isn’t from their bank; it is phishing. Their computer is infected. This is the foot in the door. From here, that PC will “call home” to the command and control center for the malware, and the PC will begin scanning the network from the inside looking for other hosts to infect.
Once the malware has control of many or all of the PCs, file servers, databases, email servers, web servers and every critical business function, the command and control center will allow each PC to download a special payload that will encrypt the hard drive of every machine.
You come in Monday morning, grab your cup of coffee, power on your PC, and are presented with a screen stating that the hackers have your data and won’t release it unless you pay them some large amount of money in bitcoins. You put down your coffee and pick up the TUMS as you realize all employees have the same screen, and you can’t access any of the data that makes your business work: your invoices, client contacts, contracts, billing information, etc. You haven’t just lost your own data, but confidential data that belongs to your clients as well.
What do you do? Do you pay?
There is evidence to suggest that paying the ransom may NOT get you your data back. Once you pay them, they can walk away, leaving you poorer. On the other hand, they could unlock your workstations and servers, but you now know that they have access to all of the confidential data you were trying to protect.
According to this research report from MIT, ransomware has generated over $45 million for the bad guys. The larger the organization and the more sensitive the data, the higher the ransom.
But you are covered, right? You have cybercrime insurance? Not all insurance companies will pay. Recently, some insurance companies decided that because the ransomware was “NotPetya”, which has been linked to the Russian government’s actions, the attack was deemed an “act of war”. Other companies refuse to pay for various reasons, citing that the target business should have done more to prevent these damages.
Could you be doing more? Contact us today.