Ransom demands range from a few hundred dollars to several thousand, depending on the size of the victim. Not all ransomware attacks are reported to authorities, so estimates of the total amount paid over the past few years vary widely, ranging up to $300 million. The more notorious names among ransomware are CryptoLocker, CryptoWall, TorrentLocker and Locky, among others. Some attacks rely on software that now has known fixes, so a solution might be found online. However, other ransomware is technically advanced and has no known fix, except for the victim to rely on current backup files.
The primary defense is to institute frequent backups of the files you do not want to lose. Some ransomware even seeks out backup copies of files, so best practices include creating multiple backups in different locations. Cloud services, or remote backup services, and external or USB hard drives are options to consider for multiple backups.
Even with backup files in place, a firm may still spend many hours gathering, re-entering and reconstructing data. Rebuilding work, such as tax returns based on the backups, also takes time. If personally identifiable information is involved, such as Social Security numbers, the firm might also need a professional risk assessment to determine its legal responsibilities.
Such losses can sometimes be avoided by creating user awareness and training everyone in your firm to be extremely cautious about unsolicited or questionable attachments or hyperlinks in email messages. Training can broaden your firm’s prevention IQ. It also never hurts to call or contact senders to ask if they sent you a document before you open it. Sometimes ransomware enters a computer system via innocuous-looking Word or Excel documents. There’s a reason why people say, "An ounce of prevention is worth a pound of cure."
Loss Prevention Tips
- Create backup copies of all important data and information on a regular basis. The frequency of backup depends on: how often your data changes, and the impact on your business if you lose the data between the last backup and the time of loss. Store and secure backup copies away from your office location and use encryption to protect any sensitive information about your firm and clients. Regular backups better ensure that critical data is not lost in the event of a cyber-attack or physical incident such as a fire or flood.
- Do not open attachments or hyperlinks if you did not request them or if the e-mail is suspicious or questionable. Do not follow instructions to "enable macros" or "enable content." Many attacks appear to come from a trusted source or someone you know, as part of a social engineering scheme. A scheduled event, travel plans, or user interests can be used to create what looks like a legitimate document, employing logos and brands to deceive users into performing an action such as opening a document, clicking a link, or changing a password. The action then enables a hacker to commandeer accounts and launch attacks. By hovering your mouse over a link, without clicking it, you can check the address for the website. If the address is for a different website, that’s a big red flag, as is a misspelled link.
- Strictly define user permissions and restrictions so that users don’t have any more rights or access to a program or system than they need, also known as the “least privilege” concept. The same applies to administrators, who should not stay logged in as an administrator any longer than is strictly necessary. Excessive rights and activities can allow malware to do extra harm and lead to large losses of data.
- Apply all software security updates to your computer. Once a software vulnerability is identified, most software companies automatically issue software updates. If the software you are using does not have an automatic update feature, develop a business practice to check for latest updates.
- Antivirus software is a must. Antivirus companies constantly update virus definitions to defend computers against new threats, and for the most part these software updates are seamless to the user. Most anti-virus software includes spyware, adware and e-mail attachment protection. If not, they should be deployed along with antivirus software.
- Consider cyber insurance. Coverage for extortion expenses incurred as a result of a credible cyber extortion threat is a good feature, but remember that paying a ransom does not always decrypt files.
With more devices becoming connected to the Internet, it’s important to take steps toward avoiding cyber threats such as ransomware. Have a plan in place for mitigating threats and risks. If and when you are hit by a threat, you’ll at least be in line with the Boy Scout motto, “Be prepared.”
Randy R. Werner, J.D., LL.M./Tax, CPA is a loss prevention executive with CAMICO (www.camico.com). She responds to CAMICO loss prevention hotline inquiries and speaks to CPA groups on various topics.