Ransomware attacks, particularly of government institutions, have been on the rise. Our friends at Oregon Public Broadcasting say this summer has been particularly bad for the City of Baltimore, the Georgia court systems, and Lake City, Florida.
Hackers attacked each of those entities. The hackers lock users out of their own computer systems. Then they demand payment, often in the form of bitcoin, to regain control of the data. If payment is not made, some hackers threaten to sell the information on the dark web.
Even when cities and businesses have cyber security insurance, making the decision whether to pay the ransom is difficult.
To pay or not to pay? Either way, there are consequences.
Ransomware Hackers Cash in on Vulnerabilities
Advances in cyber security aim to keep pace with the increased threat from hackers. However, the always ambitious and greedy hackers seek new, and even old ways to wreak havoc.
Ransomware attacks can be launched by breaching your business’s firewalls. In the case of the CryptoMix threat, ITPro reports that the malicious code masquerades as a charitable organization helping young children. It attempts to trick individuals into clicking on links that install dangerous malware.
After victims download the malware, cyber criminals encrypt the information on computers or block access to it. They promise to make it forever unusable unless they get their payday.
This creates the dilemma of whether or not to pay the ransom.
The Insurance Journal reports that the Idaho Jerome School District refused to pay its ransom. At least one month later, the school system was still rebuilding its system using backed-up files. It worked with a worldwide cyber security company on the restoration, which was paid for by the school system’s insurer.
For other victims, rebuilding isn’t as easy.
CSO reports that the May 7 ransomware attack on the City of Baltimore cost $18 million to date. Attackers asked for about 1% of that figure: $76,000 in bitcoin.
The city applied for federal disaster fund to defray the costs.
The FBI recommends that business and government entities not pay the ransom. It believes that paying hackers only encourages further attacks.
Of course, the best defense against cyber attacks and the potential loss of data is an up-to-date cyber security plan. This includes firewalls and malware protection. It also means teaching your employees to avoid spear phishing attacks.
The Keating Agency recommends that you regularly revisit your company’s cyber security plan. You also should discuss that plan with all employees and continuously back-up data files.
The Keating Agency has been your local, independent insurance agent for 50 years. We will work with you to determine your needs and help you find the right cyber security policy to protect your business interests. Give us a call.