Cyber criminals are targeting more businesses than ever
before with ransomware, a type of malware that renders
systems encrypted and unusable until the victim pays a ransom
(often in Bitcoin or another cryptocurrency). Not only does this
hack debilitate daily operations until the ransom is paid, but it
also creates a significant financial burden for the organization.
And while some companies may believe they are safe, that isn’t
necessarily true.
Many businesses operate under the impression that they aren’t
targets for cyber criminals because they don’t store personally
identifiable information (PII) or protected health information
(ePHI) on their networks. But attackers can bring any organization’s
operations to a halt with ransomware — regardless of their
industry or the data they maintain. And this makes anyone
who relies on computers for their day-to-day business operations
a target.
Financial implications of ransomware
Ransomware hit the public domain when Cryptolocker, a
notorious piece of malware, was unleashed in 2013. New and
more sophisticated variants, such as Bad Rabbit, WannaCry, Petya,
and Ryuk have since emerged along with higher ransom demands.
Since 2015, over 215 different variants have been discovered
— only 97 of which have known remediation tools. Ryuk is
particularly impactful since it can infect an entire enterprise
network, thus creating a true business interruption event. In fact,
officials in Jackson County, Georgia were recently forced to pay
$400,000 in ransom due to a Ryuk infestation.
How does a company become infected by ransomware?
There are many methods through which ransomware can enter
the network. Some of the more common methods include:
Poor authentication practices. Many organizations
have internet-accessible login prompts. If these login
portals aren’t secured by strong authentication practices,
including lengthy, complex password requirements and
multifactor authentication, then attackers could simply
guess login credentials.
Email phishing messages. If a user opens an infected
attachment or downloads malware from an infected
website, they put their company at risk of an attack.
Infected web pages. An infected website could
download and execute malware on a user’s PC.
A mobile device. If an employee uses a mobile device
running an MS operating system outside their organization’s
firewall without a personal firewall or a critical patch, they
risk infecting the internal network once they reconnect
the device.
NATDA Magazine www.natda.org