Beware Ransomware: Protecting your business from cyberattacks
In early May, Colonial Pipeline, one of the largest U.S. fuel pipelines, was forced to temporarily shut down its operations because of a ransomware cyberattack. The company transports more than 100 million gallons of gasoline and other fuel daily from Houston to the New York Harbor, and the attack caused massive gasoline disruptions in the southeast. U.S. Colonial Pipeline paid the ransomware attacker $4.4 million.
What is ransomware?
Cyber criminals use a type of malicious software to block businesses from accessing their own data. When ransomware infects a device, it will either lock the screen or encrypt all the files. It can also use a network to spread to other connected devices. Likely, attackers will have created a page to reveal that all files are locked and a ransom must be paid to get them back.
Cyberattacks are a growing problem. In October 2019, an IT consulting firm based in Wisconsin paid an undisclosed sum to an attacker who had blocked client access to patient medical records. In December 2020, Vancouver’s TransLink was hit by a cyberattack demanding $7.5 million. And this past January, a Quebec man was charged in the “NetWalker” ransomware attacks that targeted institutions like the College of Nurses of Ontario and the Northwest Territories Power Corporation.
A recent report by cybersecurity company Emsisoft estimates that ransomware demands increased by more than 80 per cent globally in 2020, with Canadian companies paying out hundreds of millions of dollars to attackers.
While most recent attacks have been on large companies, ransomware attacks are also a problem for small and medium-sized businesses. In fact, they can be more devastating – smaller businesses are generally not in a position to afford:
· the ransom, although the general advice is to NOT pay the hostage takers,
· lost revenue due to downtime and extra costs of recovering from the attack,
· the loss of data – a 2017 survey by CyberEdge Group found that fewer than half of those who fell victim to ransomware infections were able to recover their files after paying the ransom, and
· the harm to reputations and loss of customer and supplier confidence.
What should you do? Your best course of action is prevention.
Provide your employees with security awareness training.
No matter what security features are installed on someone’s device, if an employee clicks on a malicious link, your company could be in trouble. Email phishing is the most common method of spreading ransomware, so make sure employees know how to recognize phishing attempts and report them.
Keep your security systems up-to-date.
Unpatched and unsupported operating systems are easy targets for cyber attackers. Keep your operating system and all third-party apps patched with the newest updates as they come available. Review your systems on an ongoing basis.
Back up your data.
If ransomware is planted on just one device, it can quickly spread across your entire network. Perform frequent back-ups and store them off-line – not connected to the Internet or any local network. If you are ever infected by a ransomware attack, you’ll be able to restore your safe files without having to deal with the attacker or pay the ransom.
Have a recovery plan and practice it.
Be prepared for a ransomware attack before it happens by performing a simulated ransomware event. Go through recovery procedures to find out how long it will take you to get back up and running and identify areas for improvement.
Don’t panic.
In the event of a real ransomware attack, your attackers will likely try to intimidate you to pay ransom right away. If your company and your employees are prepared, if proper security measures are in place and if your files have been frequently backed up, you may only stand to lose a small amount of data…and you won’t be forced to give in to ransom demands.
Find more information on ransomware prevention and recovery as well as other tips for keeping your business and devices safe by visiting the Government of Canada’s Canadian Centre for Cyber Security.
Resources
https://edition.cnn.com/2021/05/10/politics/colonial-ransomware-attack-explainer/index.html