The Risk Manager, Fall 2016

Earlier this year CNN reported that “Cyber-criminals collected $209 million in the first three months of 2016 by extorting businesses and institutions to unlock computer servers.” This is not a new scam, but it is so successful that it is expanding rapidly. At a computer security conference in Boston late last year, the FBI advised that some of the ransomware is so effective that it may not be possible to recover data without paying the ransom.

As we have reported in prior newsletters, the most common type of ransomware, CryptoLocker, scrambles all the data files on your computer with virtually unbreakable encryption. You learn you are infected when a pop-up window tells you that your data has been scrambled and will be deleted unless you pay a ransom within a very short period of time, typically 48 hours or so. The ransom is typically in the range of $100 to $300, but can be much higher depending on the scope of files encrypted. Ransom is usually payable only in bitcoins, a type of virtual currency that makes payments untraceable.

Our risk management advice to avoid ransomware scams is:

  • Use computer-security software to block suspicious emails – be sure to update regularly.
  • Never open attachments from a source you don’t recognize.
  • Require all firm members to be especially vigilant before downloading photos or PDF files, even if apparently from known sources, to avoid downloading an executable file that could download malware.
  • Establish off-site data backup systems and procedures for alternate access to the network.
  • Back up and archive all files nightly in an off-line system that is not connected to the vulnerable main office system. Some firms back up all files nightly on tape and lock the tapes in a fireproof safe in the office. They then further back up the files in off-site storage.
  • Include home computers, laptops, iPads, and smart phones in office cyber security programs.
  • Review computer system backup architecture and file-sharing architecture to ensure that a single malware download cannot infect both the main system and backup systems.