We depend on computers and the information they store. Customer accounts, payment information, inventory—all data you rely upon and often need at a moment’s notice. But what if your access to that information was cut off? There’s a new disturbing trend of hackers intentionally blocking and holding company information hostage. Here’s what criminals are after:
- Customer data
- Lease, sales, and rental agreements
- Third-party confidential information
- Employee data
- Personal information like Social Security numbers
- Health information
- Tax information
- Company data
- Credit, debit, and other payment information
- Financial information
- Account balances
- Loan histories
- Credit reports
- Email, phone, and home addresses
Protect your company and customers
Protection is possible. Front-end data security makes it harder for a hacker to get in. Other security and data backup upgrades might also limit the damages. In addition, data extortion coverage helps provide extra peace of mind. Here are some other things you can do to help protect your business and your customers’ valuable information:
- Ensure that your anti-virus software is up to date.
- Train your employees on how to avoid phishing attempts on their computers and test them from time to time to maintain awareness.
- Apply vulnerability patches as soon as you’re able and enable automated patches for your operating system, software, firmware, and web browsers.
- Establish firewall settings that prevent access to known malicious IP addresses.
- Determine whether application whitelisting makes sense for you. Whitelisting limits the programs that can run to those known and permitted by a security policy.
- Consider network segmentation to reduce ransomware impacts.
- Enable strong identity- and access-management programs with established principles of least privilege (need to know) and limit your local administrative rights.
- Invest in an intrusion-detection system to monitor signs of malicious activity.
- Implement and test a data backup and recovery plan to maintain copies of your sensitive or proprietary data in a separate and secure location—preferably offline or with a trusted cloud solution.
- Make sure backup copies of sensitive data aren’t readily accessible from local networks.
- Conduct regular scans, penetration tests, and vulnerability assessments.
Dealing with ransomware
If you’re attacked by a ransomware infection, you’ll want to respond right away. Take the following steps:
- Disconnect any infected machines from your network (wired and wireless) as soon as possible
- Contact law enforcement and your insurance provider immediately
- Evaluate the extent of the infection, identify the ransomware variant type, if possible, and determine whether the infected machine was connected to shared or unshared network drives, external hard drives, USBs, or cloud-based storage
- Check for any registry entries or file listings created by the ransomware
- Clean the ransomware from the impacted systems and reinstall the operating system
- Restore from a reliable backup
Paying a ransom
If you don’t have a backup and are considering paying the ransom, there are a few things to consider. Are you comfortable paying an unknown source? And since you’ll be using your organization’s funds to make a ransom payment or pay an unknown source, are there any compliance or legal considerations you need to address? Also, keep in mind that you should scan any files you’ve received from the criminals for malware.
Here are some other items to keep in mind as you plan out making a payment:
- Be aware the attackers might just take the money and run, or their decryption code might fail to work.
- Consider how, and to what extent, you try to communicate with the criminals. Often, the ransomware includes a hotline or even webpages dedicated to guiding victims through the payment protocol.
- Negotiate a lower price with the criminals or ask them for additional time to pay.
- Consider the criminals may have no idea what type of data is at risk, or whether you have backups. Don’t share this information with them to avoid a larger ransom demand.
- Confirm the files can be unlocked. Some extortion arrangements come with a “proof of life,” which can help you verify that the criminal can open your files. Use caution with any programs provided.
- Understand that purchasing bitcoin from an exchange or broker can take up to 3–5 business days. If the bitcoin amount is relatively low, you may find that obtaining bitcoin from an ATM could be your fastest option. To use purchased bitcoins, you’ll need to establish a bitcoin wallet. You can choose from various types of wallets.
As an insurance carrier, we can’t provide any assurance or guarantee that any one exchange, wallet, or bitcoin transaction can be completely trusted. We also can’t guarantee that your transaction will result in data recovery.
Once you get the key
If possible, consider testing the decryption key on a backup of the encrypted data, so you can determine if it works without potentially causing a data corruption issue with your encrypted data.
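One way to carry out that trial, shown as an added example that is not from Hortica: the decryptor runs only against a copy, the originals are hashed before and after to confirm they were not touched, and each output is checked for the file signature its original type should have. The `decryptor` callable, the `.locked` extension, and the XOR stand-in cipher are assumptions constructed for the demonstration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Leading bytes of a few common formats, used to judge whether output is plausible.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".zip": b"PK\x03\x04"}

def manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def looks_valid(path, original_suffix):
    """True if the file starts with the signature expected for its original type."""
    magic = MAGIC.get(original_suffix)
    return magic is not None and path.read_bytes().startswith(magic)

def trial_decrypt(encrypted_dir, work_dir, decryptor, locked_ext=".locked"):
    """Run `decryptor` on a copy only; report results and whether originals changed."""
    before = manifest(encrypted_dir)
    copy = Path(work_dir) / "trial_copy"
    shutil.copytree(encrypted_dir, copy)
    recovered, failed = [], []
    for rel in before:
        target = copy / rel
        original_suffix = Path(rel.removesuffix(locked_ext)).suffix
        try:
            decryptor(target)
            ok = looks_valid(target, original_suffix)
        except Exception:
            ok = False  # a crash in the tool counts as a failed recovery
        (recovered if ok else failed).append(rel)
    return {"originals_intact": manifest(encrypted_dir) == before,
            "recovered": recovered, "failed": failed}

def xor(data, key):
    return bytes(b ^ key for b in data)

def demo():
    """Constructed sample: XOR stands in for the real cipher; one file used another key."""
    def decryptor(path):  # hypothetical stand-in for the supplied decryption tool
        path.write_bytes(xor(path.read_bytes(), 0x5A))
    with tempfile.TemporaryDirectory() as tmp:
        enc = Path(tmp) / "encrypted"
        enc.mkdir()
        (enc / "invoice.pdf.locked").write_bytes(xor(b"%PDF-1.7 constructed", 0x5A))
        (enc / "photo.png.locked").write_bytes(xor(b"\x89PNG constructed", 0x33))
        return trial_decrypt(enc, Path(tmp) / "work", decryptor)

if __name__ == "__main__":
    print(demo())
```

Run any such trial on a machine that is disconnected from your network, since the page also advises caution with any programs the criminals provide.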
At Hortica, we want to assist you in protecting your business by providing the information and resources you need—especially if you’re considering paying the ransom. Give us a call at 800-851-7740. Let’s have a conversation about protecting your critical data.
To learn more about protecting your business, check out the Hortica Resources section.