In November 2016 -- the day after Black Friday -- the public transit system of San Francisco fell prey to a ransomware attack that disabled its ticketing system for an entire day. With no fallback system in place -- and no way to sell tickets without the computer system -- the San Francisco Municipal Transportation Agency had no choice but to open the gates and let passengers ride for free.
Ransomware is a form of malicious software that encrypts a computer's hard drive, disabling the computer until the attacker receives a ransom payment. In SFMTA's case, the attacker demanded 100 bitcoins -- or about $73,000 -- to unlock the compromised computer's files.
A representative of SFMTA claimed that the agency did not pay the ransom. According to the representative, the agency's internal IT staff was able to remove the infection from the compromised computer. However, the infection disrupted SFMTA's ability to earn revenue for more than 24 hours during the most important shopping weekend of the year.
Ransomware Is Big Business
Ransomware has become an increasingly common way for hackers to extort money from businesses and home computer users. During September 2016, computer security firm Kaspersky Lab detected a ransomware attack on a small business once every 10 seconds.
During 2015 and 2016, ransomware attacks affected 42 percent of small and medium businesses. Of those, 67 percent suffered data loss.
One in three businesses hit by ransomware during 2015 and 2016 paid money to regain access to their data. Unfortunately, honor is rare among thieves; 20 percent of the businesses that paid ransoms never received the encryption keys necessary to restore their data.
The FBI reported that businesses paid more than $200 million to resolve ransomware attacks in 2016 alone.
How Ransomware Infects Businesses
Phishing emails -- messages that purport to be something they aren't in an attempt to get you to perform an action that will harm your computer or compromise your private information -- are the most common vector for ransomware.
Typically, the hacker sends the ransomware as an email attachment. Hackers use a variety of strategies to coerce victims into opening malicious attachments. A typical phishing email may look like any of the following:
- A message from your bank asking you to sign and return a document
- A message from an attorney serving notice of a lawsuit
- A message from a friend or family member with attached vacation photos
- A message from a member of the opposite sex asking you to initiate a chat on a dating website
Although the file name may make the attachment look like a document or photo, it is actually an executable file that infects your computer immediately when you double-click it.
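The mismatch described above, between what an attachment's file name suggests and what the file actually is, can be checked at the mail gateway or during triage. The following is an added example, not part of the original article; the extension lists, function names and the sample message are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, non-exhaustive lists: extensions Windows runs directly, and harmless-looking decoys.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "wsf", "hta"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "jpeg", "png", "txt"}


def attachment_findings(filename: str, payload: bytes) -> list[str]:
    """Return the reasons an attachment's name does not match what it is."""
    findings = []
    parts = filename.lower().strip().rstrip(".").split(".")
    last = parts[-1] if len(parts) > 1 else ""
    if last in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        # "photo.jpg.exe": with known extensions hidden, the user sees "photo.jpg".
        if len(parts) > 2 and parts[-2] in DECOY_EXTS:
            findings.append("double-extension")
    # Windows PE files start with the bytes "MZ" whatever the name says.
    if payload[:2] == b"MZ" and last not in EXECUTABLE_EXTS:
        findings.append("pe-content-under-other-name")
    return findings


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Map each flagged attachment file name to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    flagged = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        findings = attachment_findings(name, part.get_payload(decode=True) or b"")
        if findings:
            flagged[name] = findings
    return flagged


def build_sample() -> bytes:
    """Constructed sample message with one disguised and one genuine attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Please sign and return"
    msg.set_content("See attached document.")
    msg.add_attachment(b"MZ\x90\x00constructed-stub", maintype="application",
                       subtype="octet-stream", filename="statement.pdf.exe")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample()))
```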
Increasingly, cybercriminals employ spear phishing techniques to improve the success rates of their phishing attempts. Spear phishing is an attempt to send a more targeted phishing message by learning something about the victim and adding that information to the message.
If an attacker learns the name of your wife, college buddy or attorney and uses that person's name in the message, you're much more likely to download and open the malicious payload.
A Continuity Plan Can Save a Business
Malicious software is nothing new -- and neither are dangerous email attachments. It's likely that your business already uses antivirus software on all of its workstations. You may have also devoted some time to educating your employees about safe email and web browser usage.
People make mistakes, though -- and no antivirus solution is 100 percent effective.
Fortune favors the prepared. Statistically, your business has almost a one-in-two chance of falling victim to a ransomware attack this year. The pragmatic approach would be to assume that your business will be one of the unlucky ones and prepare your contingency plan in advance.
Don't play a cybercriminal's game. Develop your business's cloud continuity strategy now. With a business continuity plan in place, you can feel secure in the knowledge that each of your critical systems has a live backup in the cloud.
If a system should ever become inaccessible due to a malware attack, you won't have to fear the loss of data or revenue -- you can simply continue operating your critical services remotely or deploy a new system with a backup from the cloud.
Each business has different needs, and we've discussed some of the best practices in the article today. If you're interested in a more comprehensive security audit and don't have an in-house IT manager, outsourcing the duty can be an effective solution. Make sure you visit our website, Continuous Networks, and get in touch with our team for a comprehensive security audit.