Blackmail Ransomware: Beware!

This week, the Federal Trade Commission and Federal Bureau of Investigations issued a warning about an aggressive blackmail ransomware referred to as Cryptolocker.  Cryptolocker first appeared last fall and again this winter in an updated, copy-cat version.

The ransomware uses strong cryptography to encrypt all files that an infected computer has access to and demands a ransom for the decryption key.  The ransom page even includes a countdown clock.  The scam starts with a phishing email purportedly from a known company like FedEx, UPS, or Xerox.  It tricks users into opening a zip attachment that contains executable files, often disguised as PDF files, and then demands hundreds of dollars to give the data back.  In some instances, particularly in the absence of offline backups, the ransomware may lock the contents of backup disks that were created for immediate access when the main disks fail or are inaccessible as in the ransomware situation.

Protecting personal information is often the focus of privacy blogs and articles. Yet with CryptoLocker, the focus is shifted to maintaining access to all files, including those that contain information necessary for business continuity, in addition to safeguarding personal information.

What steps can companies take to protect against hijacked business information by ransomware such as Cryptolocker?  One of the first steps is to detect suspicious activity by routine monitoring and vigilent alertness of employees.  Companies keep a variety of information in their files — names, EINs or Social Security numbers, and data related to accounts, products, production, inventory, and orders, etc. — information that is necessary to perform essential business functions.  When ransomware hijacks that information, it can lead to an interruption in business, loss of customer business, and possible fraud, identity theft, or other similar harms.

Best practices include regularly backing up files offline, minimizing business data interruption or loss.  For small businesses and home offices, an external hard drive may be an option, but disconnect it when you are not actively backing up files.  If the backup device is connected to your computer when Cryptolocker strikes, the program may lock those files, too.

Also consider using email filtering rules that strip out executable attachments, keeping your computer software up-to-date, and regularly running antiviral and antispyware products.  If you already have a “botnet”, the hacker can upload files through that without any email at all.  Keeping operating systems patched and anti-malware and anti-virus software up-to-date, you stand a better chance of avoiding ransomware.  Remind anyone with an office email account that instead of clicking a link in an unexpected message, it is safer to type into your browser the URL of the company the message claims to be from and then navigate to the information you need.  The FTC also recommends taking a closer look before downloading a file that ends with .exe.

Regardless of the size or nature of the business, sound information security practices will significantly help maintain the information necessary for business continuity.

Sound information security practices are best memorialized in a written policy and implemented by employee training and enforcement to help ensure compliance with the security practices.  Even more, sound information security practices may prevent business injury from ransomware.  Privacy lawyers can help businesses with the creation and implementation of security practices.  They provide legal counseling about sound information security practices tailored to specific businesses, draft written security policies, and help develop training policy and training certification forms and enforcement policies.

Deanya K. Cocanougher, CIPP/US 817-877-2809 direct