Imagine: You’re in an important meeting with clients, and you’re trying to pull up their files. Suddenly, you’re met with a menacing pop-up. “Your files have been encrypted,” the pop-up says. “For the decryption key, send $5,000 to account 00015 on Bitcoin before the timer runs out.” You look down, panicked, to see a timer set for 48 hours in the corner of the screen. You don’t have that kind of money to throw away, but you have important client information that you must access and protect. What can you do?
Ransomware attacks like these are one of the fastest-growing methods of cyberattack in the world. Law360 reports that ransomware attacks have risen from 1,000 attacks a day in 2015 to 4,000 a day in 2016, according to the Federal Bureau of Investigation (FBI).
Unfortunately, no one is completely immune. Hospitals, banks, and private citizens have all been hit. If it happens to you, you could stand to lose not only the money you may pay to get rid of the hacker but also days of work while you clear your networks, important data that you may not get back, and—most importantly—client trust.
What is ransomware?
Ransomware is a kind of malware that can make all or part of your computer(s) unusable unless you pay a ransom. Most ransomware encrypts your data, such as client information, passwords, and important documents, effectively making it inaccessible. It then requires a decryption key or a special code to unlock it again. You can get ransomware by clicking a link or attachment in an email, plugging in an infected USB drive, or visiting a compromised website.
Recently, ransomware has presented itself as messages from law enforcement agencies, claiming it has found illegal content on your computer and demanding money to erase it. Be aware that law enforcement agencies will not contact you in this way.
Scareware, a comparatively innocuous variation of ransomware, displays a pop-up that claims to have found a virus on your computer and offers to “fix it” for a fee. Scareware will not lock up your computer and must be dealt with differently from ransomware.
What does this have to do with you and your business?
If you are part of a small or medium-size advisory business, you are a prime target for ransomware attacks. Hackers zero in on businesses like yours because you likely have more assets than a private citizen but less cybersecurity than a large company.
As an advisor, you need to stay on top of cybersecurity issues such as ransomware because you also have regulatory obligations to fulfill. If you fail to protect yourself and your clients from attacks such as this, you could be hit with fines or other consequences from your state regulatory body, the U.S. Securities and Exchange Commission (SEC) or the Financial Industry Regulatory Authority (FINRA).
Furthermore, losing access to sensitive client data because of a failure to take precautions against cyberattacks can lead to lawsuits and loss of clientele. Taking the necessary precautions can prevent attacks and also mitigate the damage if your company falls prey to ransomware.
How can you guard against ransomware?
Although no plan is perfect, there are some steps you can take to help prevent ransomware attacks.
- Train your employees (and yourself) to recognize suspicious email links or websites.
  - Before you click a link, make sure it’s from somebody you know, that you are expecting it, and that it doesn’t look “funny.” Examples of “funny” links are those that are misleading (for example, the link says it leads to one website but displays a different site name when you hover your mouse over it), misspelled (for example, FceBook.com, HuntngtonBank.com), have odd spacing (for example, iTunesStore Purchases, HuntingtonBank Inc.), or are from a company you do not use or have not heard of.
  - Don’t conduct personal browsing or searching on your office computer. Keeping personal browsing off your work machine decreases the chances of visiting a corrupted website or clicking a corrupted advertisement and putting client data at risk.
- Back up your important files and keep copies of them offline.
  - The simplest way to do this is to transfer your important files onto a new USB drive with ample storage capacity. Then, make sure you unplug your USB drive and store it somewhere safe. Make multiple copies and store them in different locations, if needed.
  - If you’d prefer not to back up your files yourself, there are many products and services you can use to do these tasks for you, such as Clonezilla or Comodo Backups.
  - Note: Do not count on automatic, cloud-based backup systems. A ransomware attack can corrupt this data as well.
- Set your antivirus/antimalware and operating systems to update automatically.
  - Install an antivirus or antimalware program, such as AVG or MBAM. Set your antivirus and antimalware programs to update automatically.
  - Be sure that your operating systems are also set to update automatically. Updates for your operating systems are often developed specifically to combat new cyberattacks and provide “patches” for the holes in your system’s security.
- Look into third-party solutions.
  - It can be difficult for small or medium-size businesses to find a company that is willing to combat the ransomware and attempt to decrypt your files at an affordable price.
  - Before you are hit by ransomware, look into the possibility of a “zero-dollar retainer” with one of these companies. A zero-dollar retainer is a way to engage a cybersecurity company’s services before they are needed and for free. This way, when the time comes for them to help, the formalities will already be in place and they will be ready to help you.
  - If you have more than a handful of employees, consider a third-party vulnerability assessment. Some reputable companies that specialize in these assessments are Ashland Partners and Winquest Cybersecurity.
  - If your company has already hired a managed service provider (MSP) to oversee its computers, make sure the MSP is performing annual vulnerability assessments. Get the schedule and the results of these assessments in writing.
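
The “funny” link checks from the first step above (misleading link text, misspelled names, companies you do not use) can be run automatically over an HTML email before anyone clicks. This is an added example, not part of the original article; the trusted-domain list, the sample message, and the 0.85 similarity threshold are assumptions.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumptions: constructed trusted-domain list and constructed sample email body.
TRUSTED = ("apple.com", "facebook.com", "huntingtonbank.com")
SAMPLE = ('<a href="http://fcebook.com/login">Log in</a>'
          '<a href="http://pay.example.net/x">www.HuntingtonBank.com</a>'
          '<a href="https://www.huntingtonbank.com/">Your statement</a>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lowercase host of a URL or bare domain, without a leading 'www.'."""
    host = (urlparse(value if "//" in value else "//" + value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def check_link(href, text):
    """Return the reasons a link looks 'funny'; an empty list means no flag."""
    reasons, target = [], host_of(href)
    # Misleading: the visible text names one site, the link goes to another.
    shown = re.search(r"[\w.-]+\.[a-z]{2,}\b", text.lower())
    if shown and host_of(shown.group()) != target:
        reasons.append(f"text says {host_of(shown.group())} but link goes to {target}")
    # Misspelled: close to, but not the same as, a domain you actually use.
    for good in TRUSTED:
        if target != good and SequenceMatcher(None, target, good).ratio() >= 0.85:
            reasons.append(f"{target} resembles {good}")
    if target not in TRUSTED and not reasons:
        reasons.append(f"{target} is not a company you use")
    return reasons

def scan_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
```

Calling `scan_email(SAMPLE)` returns one entry per link; only the genuine huntingtonbank.com link comes back with an empty list.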
What to do if your advisory firm is hit by ransomware
Unfortunately, even if you have taken steps to protect yourself, you may still be at risk. So what do you do if your network gets infected?
What should you do first?
Disconnect the infected computer from your network; turn off the wireless card or pull out the network cable. Isolate the infected computer as much as possible. Then, call your cybersecurity company or your local IT personnel.
What can you do for full recovery?
If you have external backups, a full recovery could be as simple as restoring your computer systems from your backups. If not, the options become limited by how critical your lost information is and how much you have prepared.
If you decide to contact a cybersecurity company, they may be able to “fight” the ransomware and decrypt your files. Most companies also guarantee the removal of the ransomware. MonsterCloud Cybersecurity, for example, has a description of their services here.
If you don’t have backups, should you pay the ransom?
Federal agencies are now recommending that you do not pay the ransom unless the information you will lose is life-saving or time-sensitive. Recovering the data after you pay is not guaranteed; the hackers are often overwhelmed by the number of people paying the ransom and cannot keep up.
Instead, contact your local law enforcement agency along with your cybersecurity company or IT personnel.
If you do pay the ransom and gain access to your files again, do not forget to “clean up” your computer to clear your systems of the malware. If you do not, the hackers may hit you again as you will be an easy target.
Is there anyone who can help me after infection?
If you have retained a cybersecurity company with a “zero-dollar retainer,” now would be the time to call them. They may be able to combat the ransomware and attempt to decrypt your files.
Remember to take these steps before infection to decrease the chances of getting ransomware:
- Train yourself and your employees to recognize suspicious emails or activity.
- Back up your important files.
- Update your antivirus programs and operating systems.
- Look into third-party solutions.
If you do get ransomware, take these steps to help your recovery along:
- Disconnect the infected computer from the network.
- Recover your files from backups or by using a cybersecurity company’s services.
- Do not pay the ransom unless your information is life-saving or time-sensitive.
- Use the services of a cybersecurity company that can help you clean your computers and restore data after an attack.