Tag Archives: malicious software

Ransomware: Your Money or Your Data!

Your client, ABC Corp. is going about its business and then gets this message:

police

The above is a typical ransomware message, according to a recent Symantec Security Response report. What’s next? Pay the “ransom” and move on? Ransomware is a type of malware or malicious software that is designed to block access to a computer or computer system until a sum of money is paid. After executing ransomware, cyber criminals will lock down a specific computer or an entire system and then demand a ransom to unlock the system or release the data. This type of cyber crime is becoming more and more common for two reasons:

1. Cyber criminals are become increasingly organized and well-funded.

2. A novice hacker can easily purchase ransomware on the black market.

According to the FBI, this type of cyber crime is increasingly targeting companies and government agencies, as well as individuals. The most common way that criminals execute their evil mission is by sending attachments to an individual or various personnel at a company. The busy executive opens the file, sees nothing and continues with his work day. However, once the file has been opened, the malware has been executed, and Pandora has been unleashed from the box!

Now that the malware has been unleashed, a hacker can take over the company’s computer system or decide to steal or lock up key information. The criminals then make a “ransom”demand on the company. The ransom is usually requested in bitcoins, a digital currency also referred to as crypto-currency that is not backed by any bank or government but can be used on the Internet to trade for goods or services worldwide. One bitcoin is worth about $298 at the moment. Surprisingly, the amounts are generally not exorbitant (sometimes as nominal as $500 to $5,000 dollars). The company then has the choice to pay the sum or to hire a forensics expert to attempt to unlock the system.

The best way companies can attempt to guard against such cyber crime attacks is by educating employees on the prevalence and purpose of malware and the danger of opening suspicious attachments. Employees should be advised not to click on unfamiliar attachments and to advise IT in the event they have opened something that they suspect could have contained malware. Organizations should also consider backing up their data OFF the main network so that, if critical data is held hostage, they have a way to access most of what was kidnapped. Best practices also dictate that company systems (as well as individual personal devices) be patched and updated as soon as upgrades are available.

Finally, in the event you are a victim of a ransom attack, you would need to evaluate it constitutes a data breach incident. If the data hijacked is encrypted, notification is likely not necessary (as the data would be unreadable by the hacker). However, if the data was not encrypted, or you cannot prove to the authorities that it was, notification to clients or individuals is likely necessary.

Takeaway

Cyber extortion is more prevalent than most people realize because such events are not generally publicly reported. To protect against this risk, we recommend that companies employ best practices with respect to cyber security and that they consider purchasing a well-tailored cyber policy that contains cyber extortion coverage. Such coverage would provide assistance in the event a cyber extortion threat is made against the company, as well as finance the ransom amount in the event a payment is made.

Restaurants Beware: Hackers Are Hungry!

Restaurants, pubs and diners all over the country serve hungry and thirsty people every day. From white tablecloth establishments to the local taco joint, almost all restaurants take credit/debit cards for the vast majority of their payments. One swipe, and customers go on their way. However, behind the scenes, restaurants nationwide are suffering at the hands of cyber thieves who target restaurants in an effort to steal their treasure trove of daily credit card information.

A recent Visa report indicates that restaurants now account for close to 73% of the data breaches in the U.S. Why restaurants? Low effort, high yield.

The smaller the better! Cyber thieves know that the smaller the establishment, the more likely it is to have weak security in place. With a single hack, a thief can reap a whole day’s worth of stored credit card data, while a continual harvest can produce months and even years of data. How is this possible? Thieves break through weak firewalls, take advantage of the all-too-common use of default passwords, hack into one web device (such as security cameras, payment processors, computers, DVR, WiFi) and then access all the other systems that are not segmented (all Web-based systems can talk to each other if not segmented). Once in, thieves can steal current data or install malicious software (“malware”) on the establishment’s system. This malware allows thieves to routinely access the credit card information that is collected each day. Failure by the establishment to detect and remedy this intrusion can lead to legal liability from customers alleging failure to adequately protect their credit card information.

Companies that have been breached often do not learn of the breach until they are notified by customers who have had their credit cards compromised or, even worse, when Visa/Master Card detects a pattern of compromised cards from one point of sale and contacts the establishment for reimbursement. Following a breach of customer credit card information, establishments will be required to notify affected customers of the breach. Notification is complicated and costly and must be done in a timely manner. Often, the effects of a breach include significant IT costs to remedy the breach, determine what information was compromised and repair the system. Lawsuits by customers and a significant drop in business revenue is also common, so there’s significant exposure to both first- and third-party loss.

Why are these types of breaches on the rise? Because hackers and thieves can earn quick cash. The going rate on the black market for credit card information is about $20 a card, and a single small restaurant can yield many dozens in a single day. Not bad for a day’s work! (Or not having to do a day’s work….)

Restaurant owners should take heed and take the security of their clients’ information very seriously. Establishments that process credit card information should review their security systems, update virus software routinely, train employees on security and best practices and consider a risk management plan that would include cyber insurance.

As restaurants are a growing target for cyber crime, if you have restaurant clients (or other clients that take credit card data) you should consult with them about their risks and liabilities. Based on their risk tolerance, consider whether the risk of being a victim of cyber theft is a risk they want to self-insure, or whether they would prefer to outsource this exposure via a cyber/network security policy. In today’s high-tech world, a well-thought-out risk management plan is invaluable and should work in conjunction with cyber/network security insurance, as no computer system — regardless of size or sophistication — is hack-proof.

A well-tailored cyber policy can provide a restaurant that experiences a breach with a forensic expert who will examine the systems to find out how and when the breach occurred, determine what information was compromised and assist in notifying the affected individuals. Depending on size and revenues, cyber policies can be as cheap as $1,000 and provide $1 million in coverage.

Hackers are just like the rest of us: They like to eat! Take precautions so your restaurant clients are not the ones that feed them. In the event that hackers get hungry at one of your client’s establishments, strong security controls and vigilance, combined with a well-drafted cyber policy, can prevent what otherwise could be a devastating blow to a small eatery, franchise restaurant or family diner.