Last year, I gave a presentation where we discussed ransomware, and how it was a growing industry for cybercriminals. Ransomware is, well, a lot what it sounds like: malware that locks your data and holds it for a ransom. You pay (often in bitcoin), or the data is wiped forever. Ransomware is simple to deploy, easily spread (think: WannaCry), and profitable. It’s also far more common than you may think: the FBI says that many attacks go unreported, often because companies don’t want to disclose that they’ve been breached.
My co-presenter, who is a white hat, noted that the newer generation of hackers are refusing to unlock data even after a payment is made. This is, in part, because they are less likely to be affiliated with organized crime than more seasoned criminals, and therefore, less interested in a long-term extortion racket that depends on a reputation for delivering after payment is received. It’s the cybercrime version of “this is why we can’t have nice things.”
Whether the ransom is respected or not, ransomware is a serious threat to businesses, and contrary to popular belief, not every malware has a built-in “kill switch” that will save your data. Most experts say that the only way to protect yourself is to have strong data security protocols in the first place and to have a plan on how to respond to a breach. Creating a secure platform for your data, and following up to ensure that your response to a breach isn’t self-defeating are critical.
Some thoughts on how to prepare:
- Develop a data breach response protocol now, instead of scrambling later;
- Conduct a thorough inventory and valuation of your data and determine how, where, and why it is stored the way it is;
- Identify key personnel and advisors who will take responsibility for following through on the planning and execution of the protocols, and don’t let the plan languish in draft form for months; and
- Recognize the need for dynamic thinking — don’t prepare for the last war, think ahead to emerging threats and new technology.
There’s no way to know how and when a ransomware attack will begin, but part of being DataSmart is knowing the risks that are out there and doing what’s possible to not be the low-hanging fruit.