Ransomware – Daniel “Mark” Gardiner, Partner, CPA, CFE

Ransomware has been in the news quite a bit lately, with the latest victim that we have all heard about being JBS Foods, a Brazilian company that is the world’s largest processor of beef and pork. On May 7th, Colonial Pipeline had a malware attack on its customer billing system, causing the company to halt its pipeline operations because it could not bill customers and did not know which software systems were affected by the hack. This created gas shortages and increased prices for consumers, mainly along the southeastern portion of the United States. Closer to home, Des Moines Area Community College had an IT security breach on June 3, 2021, resulting in the shutdown of their online instruction, telephone system and some of their other IT assets, leaving many students in the dark on how to even contact their school.

April of 2021 was a busy month for ransomware attacks, according to the cybersecurity firm BlackFog. Some of the organizations hit in April were the NBA and even the Metropolitan Police Department in Washington, DC. The three industries hardest hit by ransomware are government, education and services entities, with the United States, United Kingdom and France being the three countries with the most ransomware attacks. Ransomware attacks are also expected to become more sophisticated and disruptive in the coming years, causing an estimated $6 trillion loss in 2021. In April of 2021, the Department of Justice created the Ransomware and Digital Extortion Task Force to address the growing number of cyberattacks in the US. The Task Force managed to recover $2.3 million of the $4.4 million Colonial Pipeline paid to the DarkSide ransomware group.

What is ransomware? Ransomware is malware that encrypts the victim’s files. Once this encryption occurs, the attacker will demand a ransom from the victim to restore access to the data they breached. The ransomware group typically requests its ransom in cryptocurrency, such as bitcoin, and will often provide the necessary instructions and encryption key to decrypt your ransomed files after the ransom is paid. Ransomware usually spreads through phishing spam, emails or unknowingly visiting an infected website, taking over the victim’s computer once the ransomware is downloaded and opened.

Tips to avoid ransomware infections are:

+ Keep your anti-virus software active and up to date

+ Patch your operating system and stay up to date on system updates

+ Be suspicious of unsolicited emails, no matter how relevant they may look or seem

+ Make regular backups and keep at least one offline

What to do if your systems become infected?

+ Isolate the infected computer immediately

+ Isolate or power-off affected devices that have not yet been completely corrupted

+ Immediately secure backup data or systems by taking them offline

+ Contact the local field office of the FBI or U.S. Secret Service

+ If possible, change all online account passwords and network passwords after removing the system from the network
