Surprisingly, if your company is a victim of ransomware, the Federal Bureau of Investigation (FBI) now advises that you to pay the ransom!
Why does the FBI recommend paying the ransom?
Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program, speaking at Cyber Security Summit 2015 in Boston, said “The ransomware is that good.” You may not be able to get your data back from the cyber criminals without paying the ransom. The FBI has not been successful at unencrypting the data.
Ransomware is malware that makes your data inaccessible, often by encrypting it. Cyber criminals demand a ransom to provide the key to decrypt your data, and the payment is usually required in the form of Bitcoins, a form of digital currency, because the transaction can be carried out anonymously. While ransomware has been around for more than ten years, during the past three years there has been an increase in the number of incidents. In fact, the FBI received 992 complaints related to CryptoWall ransomware between April 2014 and June 2015, and payments from this ransomware in the U.S. totaled over $18 million. Even more astounding, a new report from the Cyber Threat Alliance found that Cryptowall 3.0 ransomware raked in $325 million in ransom income worldwide, from hundreds of thousands of users, since version 3.0 was detected in January of 2015. Victims of ransomware are advised to contact their local FBI field office, so that the FBI can keep information on the attacks and how the scams are evolving, but the FBI is unlikely to be able to recover your data due to the ultra-secure encryption algorithms used to encrypt the ransomed data.
Not that it’s any consolation, but the fact that there are so many companies paying the ransom has kept the ransom amounts low – “only” $200 to $10,000. The cost to your company in downtime while your company tries to decrypt the files, or the cost of trying to recreate the data, may add up to much more than the cost of the ransom.
How can you avoid being a victim of ransomware?
Ransomware such as CryptoLocker, CryptoWall and Reveton rely on Social Engineering to trick users into installing them. They are usually delivered via malicious links – on websites, in advertisements including popups, and in spam emails – or via infected files. This means that someone has to actually click on the link or download the file for that person’s computer, and the network to which it is connected, to be infected by the malware. Other ransomware such as LowLevel04 is delivered via weak or default passwords.
Using multiple layers of security will help to prevent the attackers from getting into your network. This includes using antivirus software, spam filters, and a firewall, enabling popup blockers, and patching your systems with the latest security patches. Training your staff about cybersecurity will also protect your company. The foundation of your business security is a secure technical infrastructure, but human error helps the cyber criminals get past your otherwise secure infrastructure.
How can you get your data back if you are a victim?
If your company does get hit with ransomware, it would be nice for you to be able to call the FBI simply to report “my company was a victim or ransomware, but we don’t need your help to recover our data.”
While you could pay the ransom, if you have reliable backups you can restore your data without having to reward the cyber-criminals. Your company must be vigilant not only about backing up your data frequently, but also testing the backups to ensure that they can be restored. If your company’s files are held for ransom, your company will be able to restore the backed-up data instead of paying the ransom. You will need to wipe your systems before you restore the data. If your applications or operating system are affected by the malware, you may need to first purchase and install this software before you can actually restore your backed-up data. With a business continuity solution, your operating system, applications and data are all backed-up, and an image of your network before it was hijacked can be restored. This enables your company to get back to work in a few hours rather than a few days.
Big Idea Technology can help your company set up the multiple layers of defense required to protect your network, and avoid the need to pay ransom for your data if the cyber criminals do succeed in getting in. Protect your business from the continually evolving cyber-threats. Call us.