Page 28 - CCCA Magazine. Winter 2018
{ Feature }

Your worst nightmare has come true. Your organization has been hacked. All your records and customer data are gone. And now the hackers are demanding a ransom. What do you do?

This is not a movie. Ransomware is on the rise as cybercriminals find new ways to exploit and hijack networks. In Canada, my company, Cytelligence, handles 40-50 ransomware attacks a month. And 9 times out of 10, in such situations, operations must come to a complete halt while it is worked out. In the past six months alone, we have seen three companies go bankrupt as a result.

When you are dealing with a ransom demand, the stakes are high. It is a legal, operational and reputational issue—all areas that fall into corporate counsel’s wheelhouse. And from what I see, most of you are not prepared.

What is Ransomware?

Ransomware is a type of malicious software that infects a computer or network. Attackers send spear phishing emails or exploit existing vulnerabilities to penetrate your system. Once the ransomware is inserted, they may release it right away or, more likely, spend weeks to months hunting around the network to find the critical data stores first.

Once deployed, the ransomware encrypts files either on a certain computer or across the network. One or more users then see a message onscreen advising them that their files have been locked until a ransom is paid. A very specific alphanumeric key is required to regain access to the data.

The ransom can vary significantly, ranging from thousands to tens of thousands or even millions of dollars. One of the largest known Canadian ransoms paid to date happened last July when a major Canadian company was forced to pay $425,000 in Bitcoin. And the stakes are getting higher—a South Korean web host was reportedly forced to pay about $1 million around that same time.

Anyone can be a victim of ransomware attacks. Some of the biggest companies in the world have been hit. However, don’t think because you are small, you are safe. Hacking is a serious business, and collecting “reasonable” ransom amounts from several smaller businesses each day makes for a tidy profit.

The Normal Scenario

You walk into the office. Your systems have been hacked. You and your colleagues see “IT problem.” Adding to that, IT may already feel responsible, like they were not doing their job—which could not be further from the truth.

IT may try to resolve it by googling solutions, buying new software or trying to negotiate with the perpetrators. Alternatively, organization executives may feel pressured to just make it go away and simply agree to pay the ransom, without reporting it. (The Canadian Anti-Fraud Centre estimates that only 5% of ransomware losses are reported.)

Both of these approaches are wrong. First, this is not IT’s “fault” and a new anti-virus program is not going to solve it. While some of the perpetrators are current or former employees looking to disrupt business, most are professional organized crime groups—some of the largest and most powerful in the world. IT professionals are not trained to deal with this.

Second, paying the ransom does not take care of the security vulnerabilities that allowed the attack to occur in the first place, setting the company up to be a repeat target. In addition, access to data may not be restored even after the ransom is paid.

The Ideal Response

You walk into the office. Your systems have been hacked. You, as in-house counsel, are in charge. This is your company’s core operations, reputation and legal compliance on the line, and everyone should be looking to you for direction. Having you in control also helps maintain privilege around the events in case of future legal action.

Your first step? Go see if you have back-ups that are not connected to the internet (or they will be corrupt as well). If you are lucky, you can simply start the long process of rebuilding from these back-ups.

Then look to your cyberbreach response and ransom mediation plans, which every organization should already have in place.