A Revolution in Ransomware


(Newswire.net — February 23, 2017) — It’s every business’s nightmare scenario: an employee opens a .zip file attached to an email from an unknown source, and that file unleashes a ransomware virus that locks every file on the network until the business pays a ransom to the attacker. Adding a further dimension to this scenario, new forms of ransomware not only lock files, but threaten to serially destroy more of those files every hour until the ransom is paid.

Hackers no longer limit their ransomware attacks to commercial enterprises. At least one iteration of ransomware has targeted smart TVs with messages threatening owners with FBI and other legal action if they fail to meet the hacker’s payment demands.

In 2016, another iteration hit the San Francisco public transit system, giving riders free transportation until the system paid approximately $74,000 to a hacking group. In an attack that targeted a more critical network, the Hollywood Presbyterian Medical Center’s systems were frozen by ransomware until the Center paid approximately $17,000 to unlock them. These individual amounts may seem minor, but in the first half of 2016 alone, ransomware in the aggregate amounted to more than $200 million in losses for targeted entities.

Ransomware can sneak past a corporate firewall and other cyberdefenses in any number of ways. Many of the early forms of ransomware, including viruses that went by the names of CryptoLocker and CryptoWall, were spread by spam. Some enterprising hackers farmed out their attack technology to other parties with a tool known as CTB-Locker in exchange for a percentage of any profits. The Locky ransomware virus poses as an attached invoice that unwitting employees are tempted to open, and KeRanger is the first of those viruses that has had some success against macOS applications.

Organizations have a few viable counter-defenses to this plethora of ransomware viruses. At a minimum, a company should regularly back up its files and systems onto hard disks that are not connected to or shared within corporate information systems and networks. Cloud systems that store files and data remotely may be an option, but hackers and ransomware can gain access to the cloud through an organization’s network.

Next, an organization’s operating systems, programs, and apps should all be kept as up to date as possible, so that every available patch and bug fix is installed to plug the holes and other weaknesses that hackers have learned to use.

Further, the organization’s regular cyberdefenses should be structured to make hidden file extensions in incoming traffic visible, and to filter any attachments that include a .exe extension. Other defenses that are specific to a network’s environment may also be available.
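The attachment filtering described above can be sketched as a mail-gateway check. This is an added example, not code from the article or any product: it flags attachments ending in .exe, reports the name a user would see when extensions are hidden, and goes one step further by looking at member names inside .zip attachments. The function names and the sample message are assumptions constructed for the demonstration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

BLOCKED = {".exe"}  # the article names only .exe; extend per local policy

def check_name(name):
    """Return a reason if the filename ends in a blocked extension, else None."""
    name = name.strip().rstrip(".")  # trailing spaces or dots can mask the real suffix
    suffixes = [s.lower() for s in PurePosixPath(name.replace("\\", "/")).suffixes]
    if not suffixes or suffixes[-1] not in BLOCKED:
        return None
    if len(suffixes) > 1:  # e.g. invoice.pdf.exe, shown as invoice.pdf when extensions are hidden
        return "hidden extension, displays as " + name[:-len(suffixes[-1])]
    return "executable extension"

def scan_zip(name, data):
    """Check member names inside a .zip attachment without extracting anything."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
    except zipfile.BadZipFile:
        return [(name, "unreadable archive")]
    return [(f"{name}!{m}", r) for m in members if (r := check_name(m))]

def scan_message(raw):
    """Return (filename, reason) for every attachment that should be quarantined."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if (reason := check_name(name)):
            findings.append((name, reason))
        elif name.lower().endswith(".zip"):
            findings.extend(scan_zip(name, part.get_payload(decode=True)))
    return findings

def build_sample():
    """Constructed message: every name and byte here is made up for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("scan_001.exe", b"MZ")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="documents.zip")
    msg.add_attachment(b"%PDF-", maintype="application", subtype="pdf", filename="report.pdf")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` returns two findings, one for the double-extension attachment and one for the executable inside the archive; the PDF passes.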

Unfortunately, no defensive strategies will be absolutely foolproof and an organization will always be subject to some level of risk of losses from a ransomware attack. When those losses happen, cyber liability insurance carriers can step into the breach to provide reimbursement. Cyber insurance can cover direct losses associated with ransomware-related and other damage to a company’s servers and data storage devices.

More critically, that insurance can also compensate for losses and exposure of third-party customer data that a company holds in its networks. Customers who perceive that their data is at risk and whose concerns are not promptly addressed following a successful cyberattack are unlikely to want to continue doing business with a targeted company. Cyber liability insurance can establish a resource pool to reimburse customers for their own risks and losses when their data has been purloined by a successful hack attack.