No business is too small for online criminals. Just ask Mark Stefanick, president of Houston-based Advantage Benefits Solutions. With only about a dozen insurance and benefits consultants serving local small to medium businesses, Advantage might seem unlikely to draw the attention of online extortionists. But this little firm got hit with ransomware…
Is Your Business Vulnerable to Online Extortionists?
It started as many malware infections do: an employee clicked on the wrong link in an unexpected email, triggering a download of a malware program that locked up his computer. Within a few hours, it spread itself throughout every computer on the company’s network, including backup systems.
Suddenly, clients’ claims data and internal financial data were encrypted. Then a message popped up: pay $400 within 72 hours for the key that unlocks your data.
Stefanick’s IT services provider told him it would take “thousands and thousands of hours” to crack the encryption that held Advantage hostage. So he paid the relatively low ransom as instructed, by purchasing a MoneyPak prepaid debit card at a Walgreens and emailing its voucher code to the crooks. That code enabled the bad guys to transfer the $400 from Stefanick’s card to their bank account, Paypal account, or another prepaid debit card, untraceably.
Within 30 minutes of sending the ransom, Advantage’s data was unlocked. No data was lost, though it did take 72 hours to get things back to normal. “Honor among thieves” is not honor, just good business. Future victims won’t pay if word gets around that the crooks fail to unlock encrypted data.
Ransomware targeting small businesses is a rapidly growing threat. McAfee Labs, a unit of Intel Corp., reported 250,000 new ransomware variants during Q4 2014, up 155% over the previous quarter. Q1 2015 saw 165% more new ransomware samples, so the trend is accelerating. The odds that your business may fall victim to online extortionists, as Advantage did, are not negligible; they’re increasing daily.
Protection Starts With Education
Guarding against ransomware is a matter of user education, comprehensive security software, and mindful management of backups. Train every employee to stop, look, and think before clicking a link embedded in email, even when the message appears to come from a familiar and trusted source: a sender address is trivially spoofed, and a contact whose own mailbox has been compromised sends very convincing mail. Malware, ransomware included, is also often planted on innocuous Web sites whose owners know little about Web security, so a link need not point anywhere shady to be dangerous. It may surprise you to learn that religious Web sites are more than 100 times more likely to harbor malware than porn sites, simply because administrators of the former are not, as a rule, IT security pros.
The best Internet security suites provide constant, real-time scanning of emails and Web browser traffic, as well as intrusion detection and monitoring of applications for suspicious activity. While such comprehensive surveillance inevitably takes a bite out of system performance, it’s a small price to pay to avoid what happened to Advantage Benefits Solutions.
I mentioned that Advantage’s backup system got infected along with the office network. That can happen when a backup drive stays connected to the working network: to the ransomware it is just another writable drive, and it encrypts the backup copies right along with the originals. It can also happen when backups are copied to a backup server without anyone checking that the source files are still intact, so an encrypted copy silently overwrites the last good one. Yes, scheduling a full anti-malware scan before each backup session adds maintenance time, but it increases the odds that you’ll have a clean copy when you need one. Better still, keep at least one backup copy offline, or on versioned storage that the infected machine cannot overwrite, so that one bad backup run does not destroy every earlier one.
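One cheap version of that pre-backup check, as an added example that is not from the article or from any vendor's software: before the backup job copies the working folder, it verifies that a canary file (the hypothetical name `_canary_do_not_touch.txt` is an assumption) still has its known hash, and that files with plain-text extensions still look like text rather than ciphertext. The extension list, the entropy threshold and the sample data are all constructed for the example.

```python
"""Pre-backup sanity check for ransomware damage (added example).

Two signals are checked before a backup run is allowed to proceed:
  1. a canary file still hashes to its known value, and
  2. files with plain-text extensions still have text-like entropy
     (or have not been renamed to something like report.csv.locked).
The canary name, extension list and thresholds are assumptions.
"""
import hashlib
import math
import os
import tempfile
from pathlib import Path

CANARY_NAME = "_canary_do_not_touch.txt"          # hypothetical canary file
CANARY_CONTENT = b"backup canary v1 - do not edit\n"
CANARY_SHA256 = hashlib.sha256(CANARY_CONTENT).hexdigest()
TEXT_EXTS = {".txt", ".csv", ".log", ".json", ".xml", ".html"}
ENTROPY_LIMIT = 7.2          # bits/byte; text sits near 4-5, ciphertext near 8
MAX_SUSPICIOUS_RATIO = 0.1   # tolerate a few odd files, not a whole tree


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def check_tree(root) -> dict:
    """Inspect `root` and decide whether it is safe to back up."""
    root = Path(root)
    canary = root / CANARY_NAME
    canary_ok = (canary.is_file()
                 and hashlib.sha256(canary.read_bytes()).hexdigest() == CANARY_SHA256)
    suspicious, checked = [], 0
    for path in root.rglob("*"):
        if not path.is_file() or path.name == CANARY_NAME:
            continue
        exts = [s.lower() for s in path.suffixes]
        if not any(e in TEXT_EXTS for e in exts):
            continue            # binaries and archives are high-entropy anyway
        checked += 1
        rel = str(path.relative_to(root))
        if exts[-1] not in TEXT_EXTS:
            suspicious.append((rel, "renamed"))          # e.g. claims_0.csv.locked
        elif shannon_entropy(path.read_bytes()[:65536]) > ENTROPY_LIMIT:
            suspicious.append((rel, "high-entropy"))     # encrypted in place
    ratio = len(suspicious) / checked if checked else 0.0
    return {
        "canary_ok": canary_ok,
        "checked": checked,
        "suspicious": suspicious,
        "safe_to_backup": canary_ok and ratio < MAX_SUSPICIOUS_RATIO,
    }


def build_sample_tree(root, mode: str) -> None:
    """Constructed sample data. mode is 'clean', 'inplace' (files overwritten
    with random bytes, names kept) or 'renamed' (overwritten and given a
    .locked suffix, as many ransomware families do)."""
    root = Path(root)
    (root / CANARY_NAME).write_bytes(CANARY_CONTENT)
    for i in range(5):
        rows = "\n".join(f"{j},member{j},{j * 10}" for j in range(200))
        (root / f"claims_{i}.csv").write_text("id,member,amount\n" + rows)
    if mode == "clean":
        return
    for p in list(root.iterdir()):
        junk = os.urandom(p.stat().st_size)     # stands in for ciphertext
        if mode == "inplace":
            p.write_bytes(junk)
        else:
            p.with_name(p.name + ".locked").write_bytes(junk)
            p.unlink()


def demo(mode: str) -> dict:
    """Build a throwaway tree in the given state and check it."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d, mode)
        return check_tree(d)


if __name__ == "__main__":
    for mode in ("clean", "inplace", "renamed"):
        r = demo(mode)
        print(f"{mode:8} safe={r['safe_to_backup']} canary={r['canary_ok']} "
              f"checked={r['checked']} suspicious={len(r['suspicious'])}")
```

Run it before the copy step and abort the job when `safe_to_backup` is false; a check like this catches the case the article describes, where the backup job faithfully copies already-encrypted files over the last good set.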
Botnets At Your Doorstep!
Another type of online extortion involves a Distributed Denial of Service (DDoS) attack. You may receive an email from mysterious parties warning that your Web site, or your entire network, will be “knocked offline” at a certain time unless you pay a ransom.
Such a threat is carried out by a “botnet” – a large group of computers that have been “enslaved” by malware and placed under the control of a criminal group. The controller commands all of the botnet slave machines to bombard a given IP address, such as your Web site’s, with millions of packets per second. This overwhelming torrent of bogus traffic makes it impossible for legitimate traffic to flow into or out of the attacked server.
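What that torrent looks like from the server side, as an added example that is not from the article: the script below builds a constructed access log (timestamp, source address, request), ten seconds of ordinary traffic from twenty customers followed by ten seconds in which 512 bots each send only a handful of requests per second, and then flags the seconds whose aggregate rate is far above baseline. The log format, the addresses (documentation ranges) and the thresholds are assumptions made for the example. It also shows why a naive per-address rate limit does nothing here: no single bot is ever loud enough to trip it.

```python
"""Telling a distributed flood apart from a busy day in a web log (added example).

The log format, addresses and thresholds are constructed assumptions.
"""
import random
from collections import Counter, defaultdict

T0 = 1433000000  # arbitrary epoch seconds for the constructed log


def make_sample_log(seed: int = 1) -> list:
    """Constructed access log: 10 s of normal traffic from 20 customers,
    then 10 s in which 512 bots together send 2000 requests per second."""
    rng = random.Random(seed)
    customers = [f"203.0.113.{i}" for i in range(1, 21)]
    bots = [f"{net}.{h}" for net in ("192.0.2", "198.51.100") for h in range(256)]
    lines = []
    for s in range(10):
        for _ in range(rng.randint(3, 8)):
            lines.append(f"{T0 + s} {rng.choice(customers)} GET /index.html")
    for s in range(10, 20):
        for _ in range(2000):
            lines.append(f"{T0 + s} {rng.choice(bots)} GET /index.html")
    return lines


def requests_per_second(lines) -> dict:
    """Map each second to a Counter of requests per source address."""
    per_sec = defaultdict(Counter)
    for line in lines:
        ts, ip = line.split()[:2]
        per_sec[int(ts)][ip] += 1
    return per_sec


def analyze(lines, warmup=10, ratio=10.0, max_top_share=0.05) -> dict:
    """Flag seconds whose request count exceeds `ratio` x the warmup
    baseline; label them 'distributed' when no single source contributes
    more than `max_top_share` of the traffic, else 'single-source'."""
    per_sec = requests_per_second(lines)
    seconds = sorted(per_sec)
    baseline = sum(sum(per_sec[s].values()) for s in seconds[:warmup]) / warmup
    alerts = []
    for s in seconds:
        sources = per_sec[s]
        total = sum(sources.values())
        _top_ip, top_n = sources.most_common(1)[0]
        if total > ratio * baseline:
            share = top_n / total
            alerts.append({
                "second": s - T0,
                "requests": total,
                "sources": len(sources),
                "top_share": round(share, 3),
                "kind": "distributed" if share < max_top_share else "single-source",
            })
    return {"baseline_rps": baseline, "alerts": alerts}


def offending_ips(lines, per_ip_limit=50) -> set:
    """Addresses a naive per-IP rate limit (requests per second) would block."""
    per_sec = requests_per_second(lines)
    return {ip for c in per_sec.values() for ip, n in c.items() if n > per_ip_limit}


if __name__ == "__main__":
    log = make_sample_log()
    result = analyze(log)
    print(f"baseline {result['baseline_rps']:.1f} req/s, "
          f"{len(result['alerts'])} flood seconds")
    for a in result["alerts"][:3]:
        print(a)
    print("per-IP limit would block:", offending_ips(log) or "nobody")
```

The aggregate-rate check fires on every flood second while `offending_ips` stays empty, which is the practical problem with botnets: blocking individual addresses is hopeless when the load is spread thinly across hundreds or thousands of them, and the traffic has to be absorbed or filtered upstream of the server.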
DDoS attacks are the “nuclear weapon” of the hacker world. You might think your business isn’t worth the effort of a vast botnet of several million slave computers. But here’s the scary thing: botnets are available for rent, and cheaply.
For about $150-$200, any competitor, disgruntled current or former employee, customer, or random basement-dwelling kid can launch a DDoS attack against your Web site or network and bring your business to a crashing halt. It might be done for profit, or spite, or for sick laughs. Being small and harmless is no protection.
If your business falls under a DDoS attack, there are technical defenses that an expert system administrator can mount quickly. But if you don’t have such a white knight on your staff, you may want to consider retaining a DDoS mitigation service. Such services specialize in monitoring clients’ networks and responding quickly to DDoS attacks. The fact there are a lot of DDoS mitigation services is one indication of how widespread this form of attack is.
Responding to a DDoS Attack
Black Lotus is the “911” of DDoS mitigation services. You can order protection even in the middle of a DDoS attack, point your DNS to Black Lotus’ servers, and within 5 minutes they’ll be redirecting attack traffic away from your site.
Incapsula is a highly rated cloud-based Web services provider that includes DDoS monitoring and mitigation. It also provides content-delivery acceleration, Web app firewall, two-factor authentication, and other services for securing and optimizing Web traffic.
The Kona Site Defender is a DDoS and Web app defender service offered by Akamai, one of the leaders in content-delivery networks.
AT&T, hosting companies and other large ISPs also offer DDoS mitigation services to business customers. Check with your host or ISP to see what it can do for you in case of a DDoS attack. Make whatever arrangements are necessary to implement DDoS protection as quickly as possible if you should come under attack: know who to call, lower your DNS record TTLs ahead of time so a cutover to a mitigation provider takes effect in minutes rather than hours, and remember that redirecting DNS only helps if attackers cannot reach your server’s real IP address directly. Don’t wait until the bots are at your home page.