It is estimated that one in three businesses in NJ have been hit by Cryptolocker or other variants of ransomware in the last 18 months. These vary from small to mid-size and even larger organizations in the state. Considering that the vast majority of breaches in NJ are still not reported, this number is staggering. Many businesses have not kept pace with the bad guys in securing their networks, and unfortunately have become victims as a result.
Just last week we assisted a local NJ business that came to us after struggling for a week on their own to recover from a ransomware attack. Safeguards were in place, but their security posture lax. The antivirus was renewed religiously every year and it was assumed an old firewall was still protecting them. It was also assumed the computer guy was doing his part to keep the business secure.
They were wrong and ignorance was not bliss. The old, out-of-date firewall provided little protection against current threats. The antivirus was ineffective in stopping the invasive ransomware once the infected email link was clicked. The computer guy was fixing issues as they arose, but they never asked (and he never offered) any sort of upgrades or management of their cybersecurity. The ransomware quickly spread from the lawyer’s PC to the network and soon encrypted the entire server network. An online backup had been established the prior year, but it hadn’t been running in 6 months. No one had bothered to check, and there were no other backups.
Decryption keys are available for some types of older ransomware which makes recovering data fairly easy. However, this strain of ransomware was new and breaking the encryption without the decryption keys is virtually impossible. The FBI recommends against paying a ransom. After all, there is no guarantee you will get your data once you pay. The business decided to pay the ransom as well as restore from the 6 month old backup. Trying to run your business with old data is no enviable task, let alone downloading the entire back up through an Internet connection.
It took over 2 days to download the data and it had little value. Luckily, their email system was not encrypted, so they recovered some recent files from email attachments. The remaining files were either recreated or a copy requested from other parties. What a hassle and embarrassment.
Paying a ransom is also no easy task. Bitcoins must be purchased through a public exchange and then transferred to the bad guys over the “dark web” with the hope you receive your decryption keys. The senior partner at this business wasn’t comfortable providing his ID and credit card to open up a Bitcoin account, so a manual verification process was required. Over a week later, they were still waiting to get their account funded. An entire week without your data can put you out of business.
For many of the reported cases of ransomware infections in NJ, we know the businesses were able to restore from backup and therefore, are unconcerned with protecting against future attacks. The thought of confidential client data in the hands of criminals or extended employee downtime or even the fear that the backup may not have been healthy is not enough for many businesses to make a change.
However, just having a good backup is not the end of the story. According to the NJ Identity Theft Protection Act, all data breaches including ransomware may require a breach notice. Breach notices not only increase the monetary cost of a security incident; they can be devastating to a business’s reputation.
Do not bet the livelihood of your business on a backup. Safeguards are available that can ensure almost zero likelihood of infection at little to no cost. You owe it to your staff, clients and professional reputation to use due diligence in securing your business. Find a Cybersecurity expert who can evaluate your current situation, and make sure you are secure.
Rashaad Bajwa is President/CEO of Domain Computer Services, one of the largest IT service providers serving the legal community in NJ/PA/NYC for the last 20 years. Rashaad is a CISSP (Certified Information Systems Security Professional) and a regular speaker at Cybersecurity events for NJBIA, ISC2, NJBA, NJALA and many other national and state associations. Rashaad may be contacted at firstname.lastname@example.org.