Posted by Margo Leiter, CISM on Jun 14, 2021 2:50:11 PM

Ransomware attacks are nothing new, but there has been a major surge since the COVID-19 pandemic. Cybercriminals are using the fear and uncertainty of the pandemic to send malicious emails purporting to be from a legitimate source, such as the WHO, Centers for Disease Control and Prevention, Get My Vaccines, etc.

These emails appear genuine, but when you or an employee clicks on an embedded link, your network locks up and those responsible hold all your data for ransom.

Statista, a global business data platform, conducted a 2020 cybersecurity survey revealing that 68 percent of organizations in the United States had experienced a ransomware attack and had paid the ransom as a result. Additionally, 10 percent of U.S. organizations were infected by a ransomware attack but did not pay the ransom, and 22 percent of U.S. organizations were not infected at all.

What exactly is ransomware?
Ransomware is a type of malicious software that locks up a company’s files so that the owner can no longer access them. All of the company’s data is held hostage until a ransom is paid in money or cryptocurrency. Payment in Bitcoin or another cryptocurrency gives the cybercriminal anonymity, and the payment cannot be traced.

Cybercriminals often create organized groups and extremely sophisticated attacks. These attacks often target large organizations, because they can ask for a larger ransom, although small organizations and individuals are also at risk.

What other costs may be involved?
• The average ransom requested of an organization varies between 6 and 7 figures. According to a white paper published by the Sophos Group PLC, a security software and hardware company, the average global restoration cost is $761,106.00.
• Downtime and lost productivity.
• Employee overtime.
• Time to recover and restore from the incident.
• Additional devices and equipment.
• Forensic investigation.
• Reputational damage.
• Additional IT costs to prevent future attacks.

What do I do if it happens?
• Immediately disconnect the infected PC from the network before it spreads.
• Reach out to an IT expert.
• Contact your Cyber Insurance Agency.
• Identify where your backups are stored and restore your system from the backups.
• Report the incident to the FBI’s Internet Crime Complaint Center.
• If sensitive customer information was compromised, notify the affected individuals.

How can I protect my personal PC and my business?
• Train employees to recognize email scams and use caution when clicking on webpages.
• Back up data routinely and store it off the network.
• Keep PCs patched and security up to date.
• Maintain an updated incident response plan.
• Maintain a cyber-insurance policy that covers ransomware.

Law enforcement does not recommend you pay the ransom, since there is no guarantee you will get your data back. Furthermore, paying the ransom almost doubles the overall remediation cost versus not paying. Not paying may make you feel better about not fueling the cybercriminals, and it also saves money in the long run. This is because, even if you pay the ransom, there is still a lot of work to do and money to spend restoring the data, and on top of that is the cost of the ransom.

Nevertheless, when your business is faced with the inability to function, you have to be prepared to evaluate your options.

For the Sophos Group white paper cited above, the company commissioned an independent survey of 5,000 IT managers across 26 countries. The findings provide new insight into what actually happens once ransomware hits. They reveal the percentage of attacks that successfully encrypt data; how many victims pay the ransom; how paying the ransom impacts the overall clean-up costs; and the role of cybersecurity insurance.

The Federal Trade Commission provides information in an article on its website, "Ransomware prevention: An update for businesses," and features a Ransomware Quiz.

Margo Leiter is a resident of DeSoto County, where she began her banking career in 1981 at Crews Bank & Trust, formerly known as the First State Bank of Arcadia. In 2008, she took on the role of the Chief Information Security Officer for the Crews Banking Corporation holding company, which includes Wauchula State Bank, Charlotte State Bank & Trust, Englewood Bank & Trust and Crews Bank & Trust. She subsequently became a Certified Information Security Manager (CISM), overseeing management of the company’s Information Security Program to ensure sensitive customer information is safe and secure. In her personal life she enjoys shopping, traveling with her husband, and spending quality time with her children, grandchildren and church family.