What is Ransomware?


Last time we talked about whether using tax software ensures meeting security and compliance needs.

Here’s another great question that I get asked by accountants:

We’ve heard so much recently about ransomware attacks and how catastrophic they can be. What exactly is this dreaded ransomware, and what can we do to prevent it?

As is usually the case with cybersecurity and compliance questions, there is no one simple answer, but at the same time, knowledge is power, so here it goes!

Let’s start with the basics. Ransomware is a form of malware, meaning it’s a malicious computer program (viruses, worms, etc. are all types of malware, each with its own differences).

It usually gets onto your computer the same way as other traditional malware: by clicking on bad links or attachments in malicious emails, by mistakenly downloading it from the internet in a shady file, or even just by visiting a malicious website with your browser!

Traditional malware will delete files, corrupt the computer, and so on. Some of it spies on your computer and your activity. Ransomware is unique because it uses encryption to lock up all your files, making them impossible to access or open. Encryption uses complex mathematical formulas to scramble a file so that only a special, unguessable password (called a ‘key’) can unlock it and open the file again. No access to files means no functioning. If your files are shared or stored in a cloud, they can be turned into gibberish there as well.

If this malware starts spreading on your computer, you may see the names of files begin to change to something odd, e.g., ‘youfileisencrpyted.rapid’, or to gibberish.

You may also see the infamous ‘red screen’ notifying you that your files have been encrypted and that you must now pay a ransom (via bitcoin, credit card, etc., to an anonymous online address) to get access to your files again. Even if you pay the ransom, which can be thousands, hundreds of thousands, or even millions of dollars, you are taking their word (as criminals) that they will follow through and give you the key. Sometimes there are time limits, and if you fail to meet them, they will delete the key, or your files, or both, making it impossible ever to get your information back. It’s this bait-and-ransom tactic that has earned this malware the infamous name ‘ransomware’.

In the past, solid backups in the cloud or offsite have helped prevent a permanent loss of data. However, I’ve seen the bad guys sometimes make their way into the backups if your accounts are not secure. The bad guys have also evolved: they have now started to threaten to steal the files off of your computer (which they can do at this point). They can sell them to the highest bidder, disclose them on the ‘dark web’, and sometimes even email or call your clients to threaten them with identity theft or disclosure if your clients don’t pay as well!

This means that the data may be recoverable. However, the damage to your firm from the downtime, the compromise of your clients’ identities and sensitive info, and the total breach of your fiduciary obligations as an accountant can never be undone. Imagine having to call every one of your clients during tax season or an audit and explaining to them that you can get their info back and continue to work, but that the bad guys also have the information in their hands. What will your clients and their investors think? It’s no wonder that the oft-quoted statistic is that ‘60 percent of small companies go out of business within six months of falling victim to a data breach or cyber attack’.

There is too much to cover about preventing and recovering from ransomware in one article. Staff training, risk assessments, and clear, robust security plans are crucial.

That’s why consulting with experts like Securex, who have experience assessing risks and making plans for accountants, can help your firm be proactive and prevent these disasters from happening.
