Wednesday 24 August 2016
How to stop your business being held to ransom
Wednesday 24 August 2016
Our guide to protecting against the latest craze in cybercrime
It starts innocuously enough. You receive an email from a colleague; just the regular kind of short message they’re always sending and a link to an article they thought you’d like. But when you click on it, your troubles start.
It’s not The Australian or The New York Times that you’re taken to. Instead, you’re directed to a screen that tells you all of the data stored on your computer has been encrypted. Worse still, you’re not going to get it back unless you pay. And to top it off, for every 30 minutes you delay, a piece of data will be destroyed or the price of having it unlocked will increase.
What’s happened is that you’ve just downloaded dangerous ransomware to your system. And ransomware is on the rise.
How ransomware works
Unlike other cyber-attacks which tend to try to steal your data (especially your financial data), ransomware is – at least in one sense – decidedly low-tech in its approach. It’s the cyber equivalent of kidnapping, it’s just that instead of taking people hostage, the scammers hold your data.
They do this by introducing a file to your computer, often via a fake email link. Like our scenario above, scammers using ransomware often ‘scrape’ people’s social media profiles or company websites to impersonate someone close to them. Alternatively, they may try to introduce ransomware onto your computer through a fake warning ‘pop up’, which tells you that you have been engaging in illegal activity. The only thing you can do to remedy it is to select the link.
Whichever method the scammers use to expose you to ransomware, the result is the same: when you click on a link to find out more, the ransomware injects a script onto your machine which encrypts all your files and locks you out from accessing them. To get them back, you’ll usually have to deposit bitcoin into the scammers’ accounts – although some enterprising scammers will offer a range of payment options, including credit cards.
What if this happens to you?
The most immediate question becomes whether or not to pay the scammers to get your files back. Many people choose to do so.
In 2013, the most famous ransomware, Cryptolocker, reportedly made its developers more than US$30m in just 100 days. In February 2016, one US-based hospital had all its patient files locked away for more than a week until it paid around US$17,000 (A$22,300) to have them decrypted. And hospitals around the world are increasingly being targeted. But financial services businesses are particularly vulnerable too, given that they rely on extensive client files. After all, if you lose your client data it could cost your business thousands, even hundreds of thousands of dollars….
But that still doesn’t mean you should pay.
The good news is that as ransomware becomes more common, some good Samaritans have started posting free decrypting software online, which will do the job for you. However, decrypting software isn’t yet available for every type of ransomware.
Another option may be to pay an IT professional to take it off for you (although you may still lose data unless you have backups). However, that’s likely to be more expensive than paying off the scammers. At least, that’s what they’re counting on.
But, by not doing so, you’re putting money into the hands of criminals and encouraging them to continue with their scam.
The best software can usually detect and block the scammer...
The best approach
The most effective way to guard against ransomware is to back-up computers regularly. If you have good back-up processes and keep multiple copies of every file you make, you’ll minimise the amount of damage ransomware does to your files. In fact, even if you don’t pay the ransom or pay for an IT expert to decrypt your files, the only data you’ll lose should be anything created or modified since the last back-up.
For this reason, computer experts recommend automatic, incremental online back-ups as a good weapon against ransomware.
Another important step in protecting against ransomware is to always have the latest version of reputable anti-virus software installed on your system. The best software can usually detect and block the scammer from activating some of the more common (and most harmful) forms of ransomware.
Beyond that, your business should also have a strictly enforced workplace policy when it comes to cyber safety, which includes not opening files or clicking on links that you are not 100 per cent certain of.
Want to know more?
Ransomware presents a real and increasing threat to financial advisers and accountants. But it’s also a threat that can be minimised, simply by backing up data on a regular basis.
Still, there’s no substitute for stopping attacks before they occur, which means exercising caution across your business, as well as making sure you stay up-to-date with the latest threats on the Scamwatch website.