Companies investigating hacks put too much emphasis on technology and too little on business analysis. Organizations should look closely into accounting anomalies as they could be indicators of a breach. In an article by Dune Lawrence in Bloomberg Businessweek, Jeffrey Johnson, President & CEO at SquirrelWerkz and recent presenter at The U.S.-China Economic and Security Commission (USCC), said, “All this time we’ve been focused on the technology layer, but it’s just a means to an end.” “What we forgot to do was to focus on the business transactions.”
In 2012, Johnson was asked to examine a breach at a U.S. chemical company. An earlier investigation by the FBI concluded that Chinese hackers had penetrated the company’s network using a phishing email and gained control of servers.
Dune Lawrence explained that as Johnson began digging into the company’s business plans and operational data, it became clear the damage was more extensive and insidious. He uncovered evidence that the hackers were intercepting inbound orders, as well as outbound e-mails with price quotes and other terms. They also tampered with the ordering system for raw materials, causing production delays, and made off with valuable research related to a line of environmental products. The likely beneficiary of all the malicious activity emerged, Johnson says, when a Chinese firm made a low-ball offer for the U.S. company after its performance began faltering as a result of the hack.
Look closely at each financial statement line item for anomalies and ask for professional help to investigate if something seems to be amiss.
This post was co-authored by Nicole Baumgartner and Natasha Barnes.
Ransomware attacks have become recurring news headlines and show no signs of decline. Attackers continue to earn profits and increase the complexity of their attacks. From April 2014 to June 2015, the Federal Bureau of Investigation (FBI) reported more than $18 million in losses from ransomware attacks. Victims include individuals, businesses, and public agencies. According to Kaspersky Labs, corporate users experienced more than a 6% increase in attacks from 2014 to 2016; however, home users still encounter the majority of these attacks. It’s imperative to understand and implement security measures before your environment becomes the next hostage.
Ransomware is a form of malicious software, or malware, that blocks access to your computer and/or files until a ransom has been paid. This attack can render a computer, a network, or certain segments or files within it inaccessible to authorized users. There are multiple deployment methods for ransomware. Some of the most common include clicking on a malicious link, downloading deceptive attachments that contain executable files, and visiting insecure websites.
There are several ransomware families; two of the most common are Locker Ransomware and Crypto Ransomware. Locker Ransomware disables access to computer files but typically leaves them unaltered. Because it can be possible to remove this type of ransomware with antivirus software, hackers began using encryption to incentivize timely payment. Crypto Ransomware searches through files, encrypts those of interest, and requires ransom payment before providing the decryption key.
In case studies where Crypto Ransomware has been deployed to a school system (Horry County School District), hospital (Hollywood Presbyterian Medical Center), and police department (Tewksbury, Massachusetts), these entities ultimately paid the ransom due to the high costs and operational setbacks associated with losing the encrypted data. According to the FBI, ransomware fees range from $200 to $10,000. Hollywood Presbyterian Medical Center paid $17,000, Horry County paid $10,000, and the Tewksbury Police Department paid $500. Payment is usually required in Bitcoin, which is a completely digital and encrypted currency. Companies are beginning to stockpile bitcoins in the event of a ransomware attack, as many entities did not have this currency at the time of attacks.
While ransom payments could be relatively nominal, there’s no guarantee that files will be decrypted and access restored. However, in the cases mentioned above and many other situations, the attackers upheld their end of the deal. Any time a payment is made, it may help that particular victim but it also offers an incentive for future attacks. Whether the ransom is paid or not, these attacks can result in a variety of adverse impacts including financial loss, temporary/permanent data loss, disruption to operations/service delivery, and reputational damage.
The best defense against ransomware is implementing preventive measures. Keep a close watch on ransomware capabilities, as it is a constantly evolving threat. The most important safeguard is to back up data frequently and consistently. Organizations should also have a disaster recovery plan and business continuity plan in place. These plans should be tested annually to determine their effectiveness and efficiency. Antivirus software and operating systems should be kept current. Practicing these cyber hygiene activities supports a defense-in-depth approach, which is vital to safeguarding against the persistent threat of ransomware attacks.