September 01, 2016
Author: HIR Staff
I have always been something of a technology whiz. My father, who was vice-president of IT at an insurance company, bought me a PC when I was seven and it got into my blood. At 13, I was building computers for clients and running a business. In high school, they put me in charge of the school’s computer system. My company, MBC Managed IT Services which I established at the age of 18, is now a leading IT support firm serving clients all over the Greater Toronto, ON, Area.
So when a devil like ransomware comes onto the scene and I say beware, it might be wise to listen.
Why is ransomware so potentially dangerous? Well, if you are an entrepreneur running a business – public or private – or if you are in charge of a department at a large organization, you could be vulnerable to an attack. Likewise, if you have financial assets that are largely controlled by technology – and who doesn’t? – you could also be victimized. And the consequences can be huge.
Not long ago the University of Calgary was hacked by an outside intruder. There was a conference going on at the campus with thousands of people attending and from the get-go problems started to develop with the school’s databases. It was correctly identified as an attack of malware known as ransomware. With no eMail working, conference attendees had to communicate by walkie-talkie and the system only came on again when the university paid a ransom of $20,000.
It sounds like something from the Wild West, but in the era of technology that’s exactly where we are today. The problem with ransomware is that certain sectors such as universities and hospitals are particularly vulnerable, but so are small businesses and definitely even the financial services sector.
So what exactly is ransomware? For starters, it initially goes after computer operating systems – Windows 7, 8, or 10, or Mac OS X. Any organization, large or small, that runs on Windows could be a target ‒ like a university, the University of Calgary, for example.
Indeed, universities and hospitals do not have a reputation for being highly secure where technology and data are concerned. And they’re not. At least three hospitals in the United States have already been hit and earlier this year there was suspicion that a small hospital in Ontario may have been hit as well. So how does ransomware work?
Ransomware usually spreads via eMail attachments or USB sticks. An unsuspecting victim opens a booby-trapped document (such as an Excel or PDF file) and the ransomware infects the computer. The virus then encrypts documents stored on your computer and demands payment via Bitcoin in order to have your files unlocked. Hence the term ‘ransomware’ – your data is literally held for ransom.
The FBI says ransomware victims paid up over $200 million in fix-up costs due to ransomware in the first quarter of 2016. That was almost 10 times the total for all of the year before. In Canada, an organization called the Canadian Cyber Incident Response Centre has data, too. It said last year we had 1,762 incidents involving cyber security and keep in mind that incidents never reported were not included in that number.
Why should we be concerned?
In the case of a hospital being attacked, records of medical examinations (like bloodwork, ultrasounds, or CT Scans) can be lost and scheduled procedures and patient notes rendered inaccessible. Essentially, what you have is a hospital that is unable to function and that cannot provide medical services to the public.
In the case of a university being attacked, student records and grades could be lost, which means that proof of a diploma or Masters degree could be lost forever.
As for a financial services business, individuals could lose access to portfolio data, trading history, and other necessary information related to gains, losses, and tax. If an attack happened around tax season, this could lead to delayed tax returns, penalties and interest to be paid to government.
The Canada Revenue Agency was recently impacted by a computer glitch and wound up delaying the tax-submission deadline because of it.
Because ransomware encrypts data, a whole organization could be infected. It’s true that many banks run on mainframe computers and this is a good thing; mainframe are generally good protection against ransomware, but even that isn’t foolproof and in the world of technology the bad guys tend to be a step ahead of the good guys. The problem is that people with substantial assets who leave things in the hands of their wealth-management advisor could be victimized by ransomware if that advisor’s business gets hacked.
Mainly this will result in delaying you being serviced by them. The good news is that your portfolio isn’t directly accessible by your advisors computer – so even if they did get infected, your portfolio information would remain intact. Here are some things you can do to guard against ransomware:
Make sure all your files are backed up to a place that is not directly connected to your computer or network. If the virus can access your external backup hard drive, it will also get infected by the ransomware. Same goes for cloud-based backups. Make sure your cloud-based backup solution has ‘version history’ because as soon as you are infected, your Dropbox or OneDrive software will synchronize the encrypted files straight up to the cloud.
Regularly update your anti-virus software, install the latest Windows or Mac OS updates, and make sure your computer firewall is enabled.
Ensure that your employees are aware of the dangers of potentially disruptive eMails that come with hyper-links. When in doubt, delete the eMail and confirm by telephone.
Ensure your employees watch out for messages that are fake ads, that impersonate websites (i.e., an airline or wireless provider), and that are social media scams.
Never open an attachment from someone you don’t know.
And if you’re really serious about preventing ransomware, here are some proactive measures to take:
Use an eMail security system. Hackers are becoming more savvy, but an eMail security system will identify web links that activate ransomware. And it will disable executables – files that start, even without you having to click on them.
An intrusion detection and prevention system will block suspicious outbound data streams by tapping into incoming and outbound data packets. This lets you fine-tune your security’s firewall so it can’t be hijacked by malware.
Give employees restricted privileges. That means allowing only limited access to sensitive information and programs which will control the spread of any outbreak.
Michael Benadiba is president and chief technology officer of MBC Managed IT Services, a technology company with small to medium-sized clients who want the full benefits of the latest technology, like cloud computing, without resorting to big-enterprise budgets.