
Outsmarting cyber criminals who hold your computer systems for ransom

CityBusiness Guest Perspective//April 13, 2018//


Atlanta officials awoke at 5:40 a.m. a few weeks ago to discover that cyber criminals had hacked the city’s computer systems and networks in five of its thirteen departments. Their SamSam ransomware crippled courts, handcuffed law enforcement and made paying water bills impossible. One council member lost 16 years of data. Atlanta had ignored warning shots fired nine months before the attack.


Your company is at risk. McAfee Labs discovered nearly 1.2 million ransomware attacks in 2016, a 25 percent increase from the year before. Ransomware infected Bournemouth University 21 times in 12 months. SamSam froze MedStar Health, a network of 10 hospitals in Maryland. The Locky variant struck Hollywood Presbyterian Medical Center. The hospital got off cheap, paying $17,000 rather than putting patients at risk. Police departments in Maine, Massachusetts and Chicago have been hit.

The bad news: That could happen to you at home or work. The good news: You can take actionable steps to protect your company. Here are defensive measures and legal steps worth knowing about:

  1. Prevent attacks through security awareness. Attackers require someone to click on something. Most attacks come through phony emails, email attachments or links to a website. Others come from games, adult content, screensavers and “free” modifications to games like Minecraft. Criminals are sophisticated. They stay ahead of the curve. Training your workforce to recognize and beware of phony emails or attachments, and to avoid untrusted websites, has been shown to cut the risks by 700 percent. Train your workforce rigorously. Monitor the work. Impose sanctions on people for failure to follow procedures.
  2. Prevent attacks by utilizing pre-threat analysis technology. It’s better to stop an infiltration than to recover from one. The most effective approach is called “URL Sandboxing.” Top cyber expert Mike Muscatell of a large global food manufacturing organization favors URL Sandboxing. “Sandboxing intercepts suspicious emails, attachments and web links and places them into an electronic sandbox as part of a pre-delivery threat analysis process. The ‘sandboxing’ analysis contains and prevents users from becoming victims by clicking on or accessing fake, potentially malicious links or attachments.” Companies like Forcepoint and FireEye offer this technology.
  3. Block attackers with antivirus software. This helps, but it’s not foolproof. Consult an IT security expert for the software that’s right for you.
  4. Create copies of files and keep them up to date. If attacks infiltrate your systems and freeze and encrypt your files, redundancy can ensure resiliency. External drives, DVDs or USB flash drives can work. But be careful: These media deteriorate. Test them regularly to ensure that files are intact. If they’re hooked up to infected computers, the ransomware can infect them. A trusted cloud system also offers a backup option, from which you can restore files. Dropbox, Google Drive, Microsoft One and others offer these services, although they can also be hacked. Blockchain may also offer a solution, through its permissioned network of users, so that if one point of entry is compromised, duplicates of data are easily accessible.
  5. Disconnect infected computer systems from your company network. Unplug storage devices like USB or external hard drives. Unplug the computer from the network and storage devices. Disable Wi-Fi and Bluetooth on infected machines to prevent malware from spreading.
  6. Patch and block. Patch software security holes to prevent malicious software from exploiting them to infect systems.
  7. Determine the strain of ransomware. Vendors offer decryptors to unlock files, but attackers stay a step ahead. “Initially, attackers infiltrated computer systems and networks,” Muscatell said. “In one step, they locked a target’s computer files by encrypting them. De-encryption companies could help targets unlock the encryption. Increasingly, attackers launch assaults in two waves. The first infiltrates and infects computers. The second locks target files through encryption. The de-encryptors do not work well against this new attack.”
  8. Identify how quickly a ransom is due. The longer you wait, the more you may have to pay.

What if you don’t pay?


You probably lose your data. You need to decide how critical that data is to you. Paying may prove more cost-effective. A warning: Hackers may take your money – usually demanding payment in bitcoin as it cannot be traced – and do nothing.

Legal implications

Your company should establish an Information Security Management System and an Information Security Risk Management Plan.

An incident breach response plan and team are vital. You need a holistic approach that combines the expertise of IT, operations personnel, management, physical security chiefs and both corporate and outside counsel. Regulators demand that companies take “reasonable and adequate/appropriate” steps to secure personally identifiable information of clients. Outside cybersecurity counsel are important assets. Integrating them into the security process can help demonstrate to regulators that companies have exercised due diligence and documented in writing the policies, standards and safeguards, workforce training, monitoring, controls, processes and procedures they have followed to comply with applicable laws and regulations.

The U.S. Department of Justice in 2016 reported that over 4,000 ransomware attacks occurred each day, a 300 percent increase over the prior year. Osterman Research revealed that 51 percent of organizations surveyed experienced between one and five ransomware infections, hacker infiltrations or malware infections because an employee clicked on a phishing link or attachment.


No defense is foolproof. But knowing the problem and implementing practical defensive measures can save you and your company a lot of money and distress.

James Farwell and Geoff Elkins are attorneys with Elkins PLC of New Orleans and have expertise in cybersecurity law. They have co-authored a new book with Virginia Roddy and Yvonne Chalker, “The Architecture of Cybersecurity.” Michael Bagneris, former chief judge for the Orleans Civil District Court, is Of Counsel to Elkins PLC for cybersecurity.
