SGVN business editor Kevin Smith Oct. 8, 2012.   (SGVN/Staff photo by Leo Jarzomb/SWCITY)

It’s a business owner’s worst nightmare.

You arrive for work, sit down at your computer and find that you can’t access any of your files because cyber criminals have encrypted them, locking them from being accessed by anyone but the hackers themselves. It’s a grim scenario, and it’s happening with increasing frequency as hackers seek to extort money from businesses.

Kevin McDonald has seen plenty of these attacks as president of Noloki, an Irvine-based information security firm. McDonald addressed the rise of cyberterrorism at an economic forum held Tuesday at Caltech’s Athenaeum Club. Sponsored by Technolink Association, the event featured experts on the global economy, the energy industry, intellectual property rights and more.

“Ransomware is basically a piece of malware that infects your computer, whether it’s locally or a network,” McDonald said. “That infection then goes to the command control center and pulls down an encryption tool that encrypts the local computer.”

And attacks like these can become even worse — if that local computer has rights to access other systems, it can encrypt them as well.

“Encryption means you can’t read it or use it,” McDonald said. “Then what happens is you will suddenly get a pop-up window that says, ‘Hey, give us $500 … or $1,000. And if you don’t pay us you’re never going to see that data again.’”

The effect can be devastating.

“The thing about Ransomware that’s so terrifying is you quite literally could lose your whole life,” he said. “We’ve seen companies where they’ve paid the ransom but it still took 18 months to un-encrypt the data. Sometimes even if you pay the ransom you won’t get it back.”

Hackers recently shut down the internal computer system at Hollywood Presbyterian Medical Center. They held the system hostage by encrypting the network’s data and demanding a ransom of about $17,000 in bitcoin to have it removed. Once the ransom was paid, the hospital regained access to all of its computer systems.

Ross C. DeVol, chief research officer for the Milken Institute in Santa Monica, also attended Tuesday’s forum.

“A lot of small- to medium-sized companies are being targeted,” DeVol said. “Law firms are being targeted in particular so they can’t get access to case files. And that’s often a situation where the information is not easily replicable. There is a cottage industry that has developed around this and it’s going to ramp up until they come up with a more effective means to combat it.”

Figures from the international software security group Kaspersky Lab reveal that ransomware programs were detected on 753,684 computers in 2015. On a broader scale, there were more than 1.9 million registered notifications about attempted malware infections that aimed to steal money via online access to bank accounts.

McDonald advises businesses to use standard accounts for their computers as opposed to administrative ones. Standard accounts prevent users from making changes that affect everyone who uses the computer.

But administrative accounts allow changes to be made, giving cyber-terrorists access to a company’s database.

“You also need to make sure your system is patched,” he said. “That helps keep malware out. And make sure your system scans emails for infected files. The vast majority of malware comes in through files like resume.doc.”

McDonald said computers should also have URL reputation scanning, which alerts users that a website may contain some form of malware.

Lastly, McDonald said the backup system should have a snapshot function, which periodically makes an exact copy of the database, so if the system does get hacked nearly all of the data will still be accessible.