Submitted by: Jessica Mazzeo, Director of Administration, Griesing Law, LLC
Imagine walking into your office and switching on your computer, only to find a large “X” on the screen with a timer counting down the hours until all of your data is destroyed. Now imagine that the same virus has spread to every computer in your office. The virus developer is demanding that you pay several hundred dollars in exchange for retrieving your data. Do you pay the ransom? This was the scenario that confronted a police department in Swansea, Massachusetts, which paid over $750 to avoid losing thousands of its official records, and a law firm in Charlotte, North Carolina that was unable to outsmart the virus and lost countless critical legal documents.
Ransomware is a malicious computer program that locks or encrypts user data and threatens to destroy it unless a ransom is paid. The most recent culprit goes by the name Cryptolocker and is a type of ransomware that has become increasingly prevalent in the U.S. since fall of last year. It has already spread across thousands of computers worldwide. Cryptolocker uses stronger, commercial-grade encryption and demands higher ransoms than other ransomware.
Like many computer viruses, Cryptolocker spreads through email attachments that can come in a variety of forms. Most commonly, it is disguised as a PDF or Word file contained in an official-looking email that appears to be from a familiar company like UPS or the user’s bank. Virus developers are becoming increasingly sophisticated and can target users quite specifically. In the case of the Charlotte law firm, the virus was contained in an email “from AT&T” and the malicious attachment was mistaken for a voicemail message from their phone answering service.
So how can a business defend against such attacks? Of course, all businesses should back up their files frequently. Also, all employees should be reminded not to open any file that they are not expecting or do not recognize. Operating systems should be updated regularly, as should online add-ons like Flash and Java. Security holes in these systems are often the gateway for cyber attacks.
Finally, business owners should consider insuring against cyber-attacks, particularly businesses in the highly regulated legal, financial and health sectors that deal with especially sensitive information. “Many business owners think that their general policy covers cyber liability,” explains Alice Niles, President of A.P. Orleans Risk Management, “but oftentimes when cyber liability falls within a general policy, the coverage is sub-limited for a much lesser and inadequate amount of coverage.” Increasing the coverage to an amount that would truly cover a data breach may cost as little as $100 extra per month, but owners will not know this unless they ask the right questions. According to Niles, having insurance not on