Editor’s note: Greg Bangs is a vice president at Chubb.
Cybercrimes can cause significant financial harm. And just when companies think they’ve considered all the ways to mitigate cyber exposure, savvy online criminals create new ways to hack into systems.
Recently, cyber criminals have moved beyond stealing employee information or company credit card numbers. Instead, they’ve turned to a prize that they consider bigger and better: proprietary documents housed on company computers.
CryptoLocker is a sophisticated piece of malware that abuses public-key encryption, a type of cryptographic system. In such a system a pair of keys is generated: one public and one private. The public key is used to encrypt the information, and only the matching private key, known solely to the recipient, can decrypt it. In its origins the cryptographic system is the antithesis of malware; it increases security because parties can exchange encrypted messages without first having to share a password.
CryptoLocker doesn’t discriminate; companies large and small are at risk. Cyber threats pose a great deal of bottom-line risk to a company, from intellectual property concerns, to reputational damage. The lack of a comprehensive and swift response to a CryptoLocker breach can be crippling, and, thus, necessitates a proactive mitigation approach that can minimize post-attack damage control.
In the case of CryptoLocker, cyber criminals have capitalized on this idea: the attacker alone holds the private key, so only the attacker can unlock what the malware has encrypted on company systems.
Infiltration begins when a cyber criminal sends what appears to be a legitimate email with an attachment to an employee. When the employee opens the attachment, they unknowingly release the CryptoLocker virus onto their computer—and potentially into the wider network. All stored files are immediately held hostage (encrypted) with public-key cryptography. The only way to regain access to the files is to pay a ransom in a digital currency or a stored-value debit card to the hacker, who will then provide the private key necessary for decryption.
This fairly simple concept is proving lucrative to cyber criminals. According to Dell SecureWorks, criminals collected more than $30 million in ransom in less than 100 days. Typically, the ransom is only a few thousand dollars, which, for now, seems to be a palatable price to pay for companies to free their information. A 2014 survey conducted by the Interdisciplinary Research Centre in Cyber Security at the University of Kent identified that just under half, or 41%, of those infected paid the ransom.
Battling cyber criminals isn’t easy, but it’s not impossible. There are a variety of ways business owners and IT professionals can bolster their cyber defenses:
- Improve interdepartmental communications: Infected emails are frequently disguised as legitimate FedEx or UPS tracking notices. Before opening attachments, employees should verify shipments with the distribution department to ensure authenticity. If the shipping department has no records on file, employees should delete the email and notify IT.
- Routinely back up computers: Although backing up a computer is always critical, it’s also important to use the right type of system to do so. A “hot” backup system allows users to work in the network while files are continuously updated; however, because the system saves files automatically, it risks backing up encrypted documents. A “cold” system operates when employees are offline, typically during overnight hours. Because employees are offline, the likelihood of an encrypted file being backed up is minimized. Many company computers follow standard company-wide backup protocols, and an employee may not have the option to choose a cold system. In this case, ensure that the versioning function of the hot system, which directs the system to keep several copies of the same file, is turned on. This helps prevent file loss because an encrypted file will be saved alongside its clean version, rather than replacing the clean document with the encrypted copy.
- Build from the ground up: A carefully designed security system implemented early on is better than a system designed in response to a cyber breach. As companies are often focused primarily on business efficiencies and not security, involving an outside security professional when designing the IT infrastructure can help ensure companies are protected from end to end.
- Go with your gut: In the event of a breach, there are also a variety of steps companies can take before deciding whether to pay the ransom. While many CryptoLocker attacks will warn employees not to go offline, shutting down an infected computer can sometimes be the most effective means of halting the virus’ replication process. While some files will already be encrypted, if you can shut down and unplug in time, you can often prevent the virus from reaching other network-affiliated computers.
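The versioning point from the backup item above, shown as an added example that is not from the original article: a simulated hot backup with versioning off and on, plus a byte-entropy heuristic (a constructed check, run on a constructed document and a deterministic high-entropy stand-in for encrypted output rather than any real encryption) to pick out the newest copy that is still clean.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits around 4-5, ciphertext approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    return shannon_entropy(data) >= threshold

class HotBackup:
    """Hot backup; with keep_versions=False the newest save replaces the older copy."""
    def __init__(self, keep_versions: bool):
        self.keep_versions = keep_versions
        self.files = {}  # path -> list of saved copies, oldest first
    def save(self, path: str, data: bytes) -> None:
        if self.keep_versions:
            self.files.setdefault(path, []).append(data)
        else:
            self.files[path] = [data]
    def versions(self, path: str) -> list:
        return list(self.files.get(path, []))

def latest_clean_version(backup: HotBackup, path: str):
    """Newest saved copy whose entropy does not look like ciphertext, or None."""
    for data in reversed(backup.versions(path)):
        if not looks_encrypted(data):
            return data
    return None

# Constructed sample document standing in for a normal office file.
PLAIN_DOC = b"Quarterly report: revenue up 4%, headcount flat, renewals due in June.\n" * 40

def pseudo_ciphertext(n: int) -> bytes:
    """Deterministic high-entropy bytes that stand in for an encrypted file (no real encryption)."""
    out, block = b"", b"constructed-seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]

def simulate(keep_versions: bool) -> bool:
    """Clean save, then the hot backup picks up the encrypted copy; True if the clean data is still recoverable."""
    backup = HotBackup(keep_versions)
    backup.save("docs/report.txt", PLAIN_DOC)
    backup.save("docs/report.txt", pseudo_ciphertext(4096))
    return latest_clean_version(backup, "docs/report.txt") == PLAIN_DOC
```

`simulate(False)` returns False because the overwriting backup kept only the encrypted copy; `simulate(True)` returns True because versioning kept the clean document alongside it.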
Even if best practices are in place, preparation and risk mitigation are often not enough to prevent loss in the event of a cyber attack. In times like these, it’s important to have a business continuity plan in place. When reviewing insurance policies, make sure your policy has specialized coverage for cyber extortion risks. Such a policy shifts the risks associated with paying ransoms and the associated expenses, including additional security consulting, crisis management and public relations costs.