Focus on fraud: a look at ransomware

No matter how many precautions you take to secure your company’s data, you can’t help but wonder if it’s ever enough. We all read about evolving cyberscams and know that education is the key to helping protect your company against fraud. Ransomware scams in particular can be costly and debilitating if you lose all your data or are threatened with a release of that sensitive data. So, what is ransomware, where does it come from, and how do you reduce the risk of this attack?

What is ransomware?

Ransomware is a form of malicious software, or malware, that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data. With the rapid shift to remote work by millions of Americans, and a dramatic surge in phishing scams and fake websites, we are all at increased risk of ransomware attacks — individuals and businesses alike.

While we tend to see reports of these incidents among government and critical infrastructure organizations, this type of cybercrime can (and does) happen to any type of business. Anyone with a computer connected to the internet with data stored on their computer or network is at risk. 

During a ransomware attack, you would likely receive messages telling you that your data has been encrypted and demanding you pay a fee to regain access. You would then be given instructions on how to pay the fee in order to receive the decryption key. This “ransom” can range from a small amount to thousands or even millions of dollars, depending on the value of the data. It’s usually demanded in the form of Bitcoin or other types of anonymous cryptocurrency. These cybercriminals may threaten to sell or leak this stolen data if you don’t pay the ransom. They may threaten to publicly name you (or cyber-shame you) as a secondary form of extortion. The attack may also involve deleting system backups, making it even more difficult to restore your data. 

Some victims pay to recover their files with no guarantee the files can be retrieved. Your stolen data may even be sold on the dark web. Recovery, when it happens, can be a difficult process that may require the services of a data recovery specialist. This process can severely impact business processes and leave your organization without crucial operational data and with a fractured reputation.

Protecting yourself and your business

So how do these attacks occur, and how can you prevent one from happening? This moneymaking scheme can be initiated through deceptive links in an email, instant message, or website designed to install malware. The Cybersecurity and Infrastructure Security Agency (CISA) recommends the following precautions to protect yourself against the threat of ransomware:

• Update software and operating systems with the latest patches. Outdated applications and operating systems are the target of most attacks.
• Never click on links or open attachments in unsolicited emails.
• Back up data on a regular basis. Keep it on a separate device and store it offline.
• Follow safe practices when using devices that connect to the Internet. Read Good Security Habits for additional details.

In addition, CISA also recommends that your organization employ the following best practices:

• CISA released a guide for parents, teachers, and school administrators that provides information to prevent or mitigate malicious cyber actors from targeting K-12 educational institutions, leading to ransomware attacks, theft of data, and the disruption of learning services.
• Restrict users’ permissions to install and run software applications and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
• Use application allow listing to allow only approved programs to run on a network.
• Enable strong spam filters to prevent phishing emails from reaching end users and authenticate inbound email to prevent email spoofing.
• Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
• Configure firewalls to block access to known malicious IP addresses.

We know that some of your concerns may be specific to your organization, and UBT’s Treasury Management is here to help. We also recommend reading CISA’s article in its entirety and downloading whatever related resources you may find helpful.