
Ransomware casting wider net in search of victims, profits

Uptime University: Rise of Ransomware

Michael Ormseth, a sales executive and IT director at Pivot Power Inc. in Sioux Falls, has been concerned about the growing use of ransomware by cyber thieves. So, in late April he registered to attend an informational breakfast on ransomware hosted by SDN Communications.

Ironically, the day after Ormseth signed up to attend the May 24 session of “Uptime University: Rise of Ransomware,” one of the computers at Pivot Power, which sells diesel engines and generators, became infected with ransomware.

Fortunately, Ormseth has nearly three decades of experience in computer work and the type of infection that hit the company was relatively crude. He had been alerted to the problem within minutes of the infection and was able to restore the computer system to the condition it was in a few hours before the infection.

Although the attack was not successful, Ormseth had to spend about 20 hours going through files to eliminate problems, and another company employee lost about 90 minutes of work time.

He’s among those who expect ransomware problems in businesses to become more frequent and more complex.

“I think it’s going to get worse, more sophisticated,” he said.

Ransomware has been increasing in sophistication since the first known case in 1989, and perpetrators are casting an increasingly wide net in search of victims and profits.

Ransomware is malware that comes in different variations, but its purpose is usually the same: cyber thieves use it to digitally extort payments from victims in return for repairing the damage. Successful attacks typically cost small companies a few hundred dollars in ransom, but some large companies have paid thousands of dollars to save information.

“2016 is shaping up to be the year of ransomware,” said Jake VanDewater, director of managed services and customer premise equipment at SDN, the leading regional provider of broadband connectivity and online security services for businesses and institutions in the Sioux Falls region.

VanDewater was the lead speaker at the Uptime University session on ransomware, which attracted more than 125 registrants, including Ormseth, to the Hilton Garden Inn Downtown in Sioux Falls. A panel of security experts from SDN and Fortinet Inc. also spoke during the 2.5-hour event, which was repeated for a similar crowd in Sioux City the following day.

Ransomware threats are growing for several reasons:

  • There’s an increasing number of potential targets.
  • Networks and payment systems provide anonymity.
  • Any type of connected device is a potential entry to a network for criminals.
  • Malware can be delivered through a variety of means. Contaminated emails, downloads and websites are all potential carriers.

Depending on the type of malware, ransomware can lock up a targeted computer or jumble information in files. Unfortunately, U.S. law enforcement agencies can’t do much to stop the spread of ransomware because the issue is global. Plus, tracking down and apprehending cybercriminals in other countries can be impossible.

So, the burden of preventing and fighting infections falls largely to the potential victims: companies and individuals.

SDN experts urge companies to have a response plan prepared in advance.

  1. Understand the threat and impact a successful attack can have on business operations.
  2. Prepare for the worst.
  3. Have a backup plan.

Paying the ransom should be a last resort. However, companies without good cybersecurity programs might not have a choice if they want to save valuable or sentimental electronic information. Estimates indicate that more than $24 million in ransom was paid in the United States in 2015.

However, even if the ransom is paid, there’s no guarantee that the files will be restored or preserved.

The best option is to protect networks at the front end of operations with good security equipment, policies and practices. Providing good and ongoing training to employees is especially important because the vast majority of data breaches are caused by human error, not equipment failure.