The FBI has recently warned of a staggering increase in ransomware attacks against businesses since the start of the COVID-19 pandemic. As the way we do business continues to increase remote work and a reliance on digital accessibility, business owners and managers should learn how to prevent attacks and how to manage a security breach if preventive measures fall short. The following provides an overview of ransomware attacks and how business leaders can respond to this particular cyber threat.
Cybercrime reports to the FBI have quadrupled in 2020. The FBI Internet Crime Complaint Center currently logs in between 3,000 and 4,000 calls a day. Ransomware attacks in particular have increased by seven-fold since 2019, and the estimated global cost of ransomware attacks for 2020 is $20 billion, according to cybersecurity firm Bitdefender. A recent report from insurance provider Beazley states, “In 2020, we have seen significant changes to the cyber risk landscape. Ransomware has grown in frequency and severity, and extortion demands have risen. The threat of data exfiltration and consequent release of confidential information has increased, and the resulting business interruption of all these events has become a regular occurrence.”
According to the Q2 2020 Ransomware Report published by ransomware consulting firm Coveware, the average ransom payment grew to $178,254 in the second quarter of 2020, up 60% from the first quarter. The percentage of ransomware incidents where data had been “exfiltrated” — meaning it’s withdrawn from the victim-organization’s network — grew from 7.8% in the first quarter of 2020 to 22% in the second quarter of the year.
No one is immune. Ransomware attacks have been launched against large and small organizations, including public and private businesses, educational facilities, health care providers, government agencies, and non-profit entities.
Anatomy of Ransomware Attacks
Ransomware is malware designed to prevent access to a computer system or files until the user meets the perpetrator’s payment demands. Basically, your entire computer network becomes inaccessible to your employees and clients until you pay a ransom.
Back in the 1980s, when ransomware was introduced, attacks typically targeted individuals, and victims paid through the regular U.S. mail. Today, high-tech crooks usually go after deeper pockets and often require the victims to pay ransom with credit cards or cryptocurrency, such as Bitcoin.
It does not take much to be infected. Typically, the malware takes root when perpetrators send a malicious email to an employee of a company, often utilizing phishing or spear phishing techniques. Word files, PDFs, or links to a website may install the malware on the user’s computer and, from there, infiltrate the network.
Why would anyone open an unsolicited email and then open an attachment or click a link? Looks can be deceiving. Frequently, the email appears to come from a legitimate business partner or from a friend or relative. In other cases, perpetrators pose as law enforcement officials or representatives of agencies, such as the FBI, IRS, or Department of Labor, to scare victims into paying up.
Additionally, a user’s computer can become infected through malvertising, malicious advertising that hooks recipients with little or no interaction on their part. For example, if you simply browse the web and come across malvertising, it can infect your computer, even if you don’t click on the ad.
Once a user’s device has been compromised, the perpetrator has a foothold in your entire IT environment. Before your IT department detects the breach, the hacker can explore your network for vulnerable systems and sensitive data and encrypt data indiscriminately. Then the hacker can demand a ransom for the decryption key needed to restore your access to the network.
The threat of ransomware continues to grow, especially as more people work, learn, and interact with organizations remotely during the COVID-19 pandemic. Your organization should take steps to protect your networks from these attacks. Generally, this requires people who access your network to identify ransomware before it infects their computers.
Consider implementing the following best practices:
Train users to recognize red flags. Employees and other users who access your network should understand how ransomware attacks happen and why they need to exercise caution when opening unsolicited emails and searching the internet. For example, before clicking on a link or opening a file, they should be trained to verify the sender’s email address.
Require your staff to participate in regular cybersecurity awareness training sessions. Consider testing methods that simulate actual ransomware attacks to help improve awareness and test the effectiveness of your training program.
Install the latest IT security products. Take advantage of the advanced technology at your disposal. Examples include antivirus software, firewalls, and email filters designed to keep outsiders at bay.
Stay current on updates. Ensure user’s update all operating systems and applications on their computers. If not, secure the latest patches from verifiable sources. Criminals launching ransomware attacks prey on those with vulnerable systems and applications.
Back up files. Perform frequent backups of your system and other important files. If a computer becomes infected with ransomware, you can restore your system to its previous state using backups — as long as you catch the attack before the perpetrator has a chance to encrypt the data. Store backups in a device separate from the network, like an external hard drive or in the Cloud.
Many organizations also buy cyber liability and breach response insurance to fortify their defenses against losses from breaches and ransomware attacks. Professional and general business liability insurance policies generally don’t cover losses related to a hacking incident. Cyber liability insurance can cover a variety of risks, depending on the scope of the policy. It typically protects against liability or losses that come from unauthorized access to your company’s electronic data and software.
Instead of purchasing a standalone cyber liability policy, you can add a cyber liability endorsement to your errors and omissions policy. Not surprisingly, the coverage through the endorsement is not as extensive as the coverage in a standalone policy.
Business owners and managers should carefully read their policies to understand what types of incidents are specifically excluded from coverage. Remember, no type of cyber liability insurance can replace sound cybersecurity policies and procedures. Other well-resourced preventive measures may also reduce your premiums for cyber insurance.
Unfortunately, preventive measures are not foolproof. If your organization falls victim to a ransomware attack, what should you do?
You may feel tempted to pay the ransom immediately, hoping the threat will go away quickly and with minimal harm. But paying ransom can be costlier than restoring data from backup files or other means. The average cost to remediate an encryption ransomware attack is $1,448,458 for victims that paid the ransom, compared to only $732,520 for those that didn’t ante up, according to “The State of Ransomware 2020” published by IT security firm, Sophos.
Why does paying ransom roughly double the cost of a ransomware attack? First, you must pay the ransom. From there, you must restore the data and get your network back up and running after an attack. Plus, you do not have a guarantee that your data will be fully restored even if you obtain the decryption key from the perpetrator.
If your organization has insurance coverage against ransomware attacks, your insurer can help guide you through the process of reporting the incident to law enforcement, restoring your systems, and communicating the effects to stakeholders. Your financial and legal advisors can be valuable resources, too.
For more information on how to safeguard against these attacks or how to respond if your network is breached, contact a Hantzon Wiebel advisor today.
© Copyright 2021 Thomson Reuters.
Disclaimer of Liability
Our firm provides the information in this e-newsletter for general guidance only, and does not constitute the provision of legal advice, tax advice, accounting services, investment advice or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal or other competent advisors. Before making any decision or taking any action, you should consult a professional advisor who has been provided with all pertinent facts relevant to your particular situation. Tax articles in this e-newsletter are not intended to be used, and cannot be used by any taxpayer, for the purpose of avoiding accuracy-related penalties that may be imposed on the taxpayer. The information is provided “as is,” with no assurance or guarantee of completeness, accuracy or timeliness of the information, and without warranty of any kind, express or implied, including but not limited to warranties of performance, merchantability and fitness for a particular purpose.