Ransomware is a menacing cyber threat because it exposes a business to cyber extortion. A ransomware infection can harm a business by increasing its legal risks and shutting down its operations.
Ransomware is a form of malicious software that encrypts the files on a victim’s computer. After the files are locked, a message appears that demands a payment for the decryption key.
Any type of business can be a ransomware target. In April 2017, CyberScoop.com reported that the average ransomware payment is around $1,000. If a data backup is not available, the victim must decide whether to pay the ransom or accept that the locked files are useless. Unless the victim obtains the decryption key, the files will remain unreadable.
How Ransomware Spreads
Ransomware gets into a computer through sneaky methods such as drive-by downloads and social engineering. If a computer system is not set up for automatic updates, it will be extremely vulnerable to ransomware infection. Usually, ransomware is delivered from a malicious website that exploits a security flaw in the victim’s device. The security hole causes the victim’s device to download the malware. Ransomware is also spread with malicious links through social engineering, which includes phishing (email), vishing (phone), and smishing (text message).
Newer generations of ransomware, such as WannaCry, have taken on aspects of a worm. A worm has the ability to spread across a network to many other systems. Ransomware can also be polymorphic, which means it re-encrypts or modifies itself so that the new hash value of the code differs from any signature that could be recognized by a scanner.
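The following added example (not part of the original article) shows from the defender's side why a hash-only blocklist misses modified copies of a known file. The sample bytes are a constructed, harmless placeholder, and the one-byte XOR layout and the function names are assumptions made for the demonstration.

```python
import hashlib

# Constructed, harmless stand-in for a previously seen file (not real malware).
KNOWN_SAMPLE = b"CONSTRUCTED-SAMPLE: placeholder bytes standing in for a known file"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Hash blocklist as a scanner might hold it: one entry per file already seen.
BLOCKLIST = {sha256_hex(KNOWN_SAMPLE)}

def repack(body: bytes, key: int) -> bytes:
    """Model a modified copy: the same body stored XOR-encoded.
    Assumed demo layout: 1 key byte followed by the encoded body."""
    return bytes([key]) + bytes(b ^ key for b in body)

def unpack(blob: bytes) -> bytes:
    """Reverse the assumed layout to recover the underlying body."""
    key, encoded = blob[0], blob[1:]
    return bytes(b ^ key for b in encoded)

def hash_match(blob: bytes) -> bool:
    """Signature check on the file exactly as stored on disk."""
    return sha256_hex(blob) in BLOCKLIST

def normalized_match(blob: bytes) -> bool:
    """Signature check on the content after undoing the encoding."""
    return sha256_hex(unpack(blob)) in BLOCKLIST

def survey(keys) -> dict:
    """Count how many modified copies each check recognizes."""
    variants = [repack(KNOWN_SAMPLE, k) for k in keys]
    return {
        "distinct_hashes": len({sha256_hex(v) for v in variants}),
        "hash_hits": sum(hash_match(v) for v in variants),
        "normalized_hits": sum(normalized_match(v) for v in variants),
    }

if __name__ == "__main__":
    print("original file recognized:", hash_match(KNOWN_SAMPLE))
    print(survey(range(1, 6)))
```

Every copy has a different file hash, so the blocklist recognizes none of them, while a check on the decoded content recognizes all of them.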
Ransomware can be custom-designed and targeted at a certain business. A business that handles sensitive information is a prime target for a high-dollar ransom demand. Ransomware-as-a-Service (RaaS) is available on the dark web where buyers can order customized crypto-malware. Also, RaaS platforms are available on the open web through service kits, web projects, and affiliate programs. As a result, the amount of ransomware in circulation on the web continues to increase.
Legal Hazards of Ransomware
A ransomware infection might expose a business to legal liabilities. Downtime of business operations can lead to legal actions, including lawsuits for breach of contract and negligence. Additionally, state data breach laws could classify the ransomware attack as a breach and require notification to affected individuals, credit bureaus, and state agencies.
To mitigate expenses from an attack, a business could obtain cyber insurance. The policy should include cyber extortion coverage for ransomware. Also, the policy should have regulatory coverage for legal compliance and fines. However, a business manager should pay close attention to the terms in the policy. For example, the policy may require the insured to immediately contact the insurer before paying a ransom. Also, to receive payment for a claim, the business must be in compliance with any policy requirements, such as having performed a security penetration test on the network.
Ransomware Prevention and Recovery
Managers should be proactive in protecting a business from ransomware, for example by conducting a cyber security assessment and preparing a contingency plan in case of infection. The most effective measures are automatic system updates and automated daily backups. For added protection, every computer should have anti-malware software installed on its hard drive.
Being prepared is the best way to avoid a ransomware infection. As a hopeful sign, decryption keys for some infections are available on websites such as NoMoreRansom.org, which provides a repository of keys to decrypt data locked by ransomware.