Why would a sophisticated university need to succumb to paying a ransom to petty cyber thieves? According to Linda Delgetty, University of Calgary’s Vice-President of Finances and Services, “…. we did that solely so we could protect the quality and the nature of the information we generate at the university.”1 In other words, the university was not prepared for the attack and risked losing years of research data, so it chose to barter with criminals risking that the data may never be retrieved. What can we learn from this incident and how should Canadian business leaders protect their organizations?
In reality, many Canadian organizations are vulnerable to malware technology and should not be surprised if they are attacked in the not too distant future. The puzzling part is the slow uptake on adopting top security procedures given that many organizations have as much or more to lose than a university, i.e. their reputations, clients, revenues, and very importantly, their intellectual capital. Imagine the impact on share price if a large company is shut down by malware. This trend is eerily similar to the proliferation of the international kidnapping industry which now funds and employs thousands of criminal terrorists, a very lucrative endeavour which is relatively easy to conduct. Like with kidnapping, as long as vulnerabilities exist, victims will be exploited.
How prevalent are Malware attacks? The Canadian Cyber Incident Response Centre issued a joint alert with the U.S. Department of Homeland Security earlier this year warning about the proliferation of ransomware. It estimates that there were more than 1,600 ransomware attacks per day in 2015 against Canadians.2 “This attack is part of a disturbing global trend of highly sophisticated and malicious malware attacks against organizations including NASA, law enforcement agencies and large health-care institutions,” the university said.1
What happens in a malware attack? Ransomware is a type of malicious software that encrypts files on a user’s computer and asks for money in exchange for unlocking the data. One of the most common ways cyber attackers trick people into downloading ransomware is through spam email and email attachments. Often these malicious emails are disguised as legitimate emails from real companies – like Apple, Canada Post and UPS – with what look like legitimate attachments. However, when you open the attachment the virus is downloaded onto your computer. 3
Are there ways to protect against malware attacks? Anti-virus tools can often be used to unlock data and remove the malicious software. “If your files have been encrypted, there may be a tool available to unencrypt them but this depends on the variant you’ve been infected with. If there is no tool available, you may have to restore them from a backup,” says Nicole Bogart, a cyber security expert. 3 “The best way to protect yourself from any sort of ransomware is to maintain up-to-date anti-virus or anti-malware software and ensure you are backing up your computer regularly to prevent losing any of your important files.”
Security firm Symantec offers tips which should be closely followed by all organizations, and include the following precautions: 4
On your computer:
- Make sure you have comprehensive security software installed, such as Norton Security.
- The bad guys will take advantage of vulnerabilities found in software to install malware, so it’s important to keep the operating system and software on your computer up-to-date by installing the latest security patches and updates.
- Regularly back up any files stored on your computer. If your computer does become infected with ransomware, your files can be restored once the malware is removed from the computer.
On your mobile device:
- Avoid downloading apps from unfamiliar sites and only install apps from trusted sources.
- Back up everything on your mobile device so that if it does become infected and you can’t get access to your stuff, you can always restore everything from the backup.
- It’s also a good idea to install a security app, such as Norton Mobile Security, in order to protect your device and data.
In summary, executives and board members need to ensure, via monitoring, that best practices are being regularly followed by all staff. IT departments need to report regularly on implementation and adherence to established company-wide controls. Most IT departments understand the steps which need to be followed, but are all staff safely following protocols? Regular outside audits by security professionals can verify the precautions which are, and are not being followed, and can comment on vulnerabilities. Finally, for in the event that a malware attack does occur, organizations should consider purchasing Cyber insurance to protect against many of the expenses and business losses which could occur.
- CBC News, Jun 07, 2016. University of Calgary paid $20K in ransomware attack. Toronto, Canada. http://www.cbc.ca/news/canada/calgary/university-calgary-ransomware-cyberattack-1.3620979
- Canadian Press, June 7, 2016-University of Calgary pays ransom after attack on computer systems. Calgary, Canada. http://www.theglobeandmail.com/news/national/university-of-calgary-pays-ransom-after-attack-on-computer-systems/article30346543/
- Global News, April 17, 2016, Author Nicole Bogart. Ransomware on the rise in Canada: How to protect your data. http://globalnews.ca/news/2641249/ransomware-on-the-rise-in-canada-how-to-protect-your-data/
- Symantec Blog. Ransomware: How to stay safe. http://www.symantec.com/connect/blogs/ransomware-how-stay-safe