NEW THREATS

Most people have heard about the high-profile cyberattacks on large companies such as Target and Equifax that resulted in millions of customers’ financial records being stolen. The fallout from these data breaches was huge, with both companies facing a backlash from consumers that has hurt their reputations as well as their profitability.

Small- to medium-sized businesses can also fall prey to cyberattacks, particularly ransomware, which can be destructive and costly to companies of all sizes. Ransomware is a form of malicious software that blocks access to a computer system or network until the business owner pays a ransom, often in some type of cryptocurrency like bitcoin. The amounts demanded are usually small — typically under $10,000 — because those perpetrating the attack know that many business owners would rather pay the fee than go through the inconvenience (and expense) of rebuilding their computer network.

Ransomware is highly profitable for criminals because they can target many small companies in a short period of time. That is why ransomware has emerged as one of the most serious online threats facing businesses, and the number of attacks has skyrocketed. In fact, a 2017 report from Osterman Research showed that more than one-third of small- or medium-sized businesses around the globe experienced a ransomware attack in the last year.

That is why it is imperative for contractors to take the necessary steps to protect themselves from this kind of attack.

PRACTICING PREVENTION

Ransomware can be delivered to a computer system in many different ways, but the most common entry point is from an employee opening an infected attachment, typically from a spoofed or phishing attack email, explained Derek Lauro, IT network/systems administrator, Data-Basics Inc.

“Infected websites and pop-up ads can also lead to infection,” he said. “Weak passwords can also allow brute force attacks into a network, leaving a company open to unauthorized administrative control and software exploits. That is why contractors should review current password policies with staff members and enforce stricter rules where necessary.”

Typically, ransomware attacks appear to be trusted attachments or files, such as Excel or Word documents, PDF attachments, etc., according to Rachel Schmidt, director of marketing, Davisware Inc.

“The user is then tricked into opening or downloading the infected file or link,” she said. “Although distributed mainly through email, ransomware also propagates through compromised or malicious websites and pirated software.”

To prevent a ransomware attack, Schmidt recommends taking the following steps:

• Ensure that all computers have updated antivirus/anti-ransomware software;
• Ensure automatic weekly updates are enabled for antivirus/anti-ransomware software as well as for Windows.
• Blacklist domains that are known to be malicious;
• Provide ongoing employee training on best practices for identifying spoofs or suspicious emails;
• Back up all company data regularly — daily, if possible;
• Never save a backup to the same computer. Company data should be backed up to an external drive and then disconnected from the network;
• Ensure all employees are using strong passwords that are more than eight characters in length, have at least one special character, and use upper- and lowercase letters. It should also be a password that is not used for any other account; and
• If applicable, secure all remote desktop ports.

In addition to making sure the company is protected with server and client anti-ransomware software, contractors should also know that next-generation firewalls have become increasingly more capable, said Lauro.

“Much more advanced and reliable than the typical firewall that just blocks/opens ports, these new firewalls monitor the network for fishy application activity and are designed to stop anything in its tracks,” he said.

New software suites have also been developed that can bundle with typical anti-malware/user control and are seamless to the end user, according to Lauro. Adding a type of behavior scanner that is always monitoring the system for changes can also detect when ransomware has been installed and stop it almost instantly. But more importantly, he added that it is always a good idea to work with an outside IT company and/or IT staff to have a disaster recovery plan in place that can protect against and/or enable an expedited recovery from an attack.

REACTION

Contractors who become victims of a ransomware attack have two options: either pay the ransom or wipe their hardware clean and rebuild their computer network. Deciding whether or not to pay the ransom can be tricky, said Schmidt, and usually comes down to whether or not the contractor has recently backed up the company’s data.

“If you do not have a recent backup, can afford to just pay the ransom, and/or can’t afford to go without or lose your data, then you should consider paying it,” said Schmidt. “Remember that even if you pay it, there’s no guarantee that the attacker won’t still hold on to your data. If you have a backup to access, you can typically get back up and running within a couple of hours. In this instance, you would simply access your last backup and restore any data that was lost during the attack.”

Lauro advises clients to only pay the ransom in a worst-case scenario; for example, if they can’t afford to lose their data, can’t withstand the downtime, or do not have any data backups.

“If you determine that paying the ransom is necessary, be cautious about providing sensitive information to the attackers,” he said. “Don’t give out credit card or bank routing numbers or personal information. There are more secure ways to send money, including cryptocurrency, prepaid cards, etc.”

If a recent backup is available, contractors can usually ignore the ransom demand and get to work restoring their data. However, this takes time and can also be expensive.

“In our best-case scenarios, we have worked with clients who have lost no data due to a great disaster recovery plan, but keep in mind, even with a good plan and backups (and therefore no data loss), it still takes one to two days to get back to where they were before the ransomware attack,” said Lauro. “It takes time to restore a server and data files, and downtime of your systems and IT consulting adds up quickly.”

If a contractor has no data backed up and no plans to pay the ransom, the road ahead may be more difficult. Lauro described how one of their contractor clients experienced a ransomware attack and had no data backups and no way to contact the criminals behind the attack.

“As their software providers, we were able to produce a database backup saved on our systems, so they were able to resume operations,” he said. “Unfortunately, their most recent data was not included, as the backup was from several years prior. While better than starting over, this client will never be able to recover the lost months or years of data and records.”

In addition to taking a financial toll on a company, a ransomware attack can also damage a contractor’s reputation — particularly if customer records were stolen. The good news is that in a typical ransomware event, that data is not stolen but rather encrypted with a unique algorithm, explained Lauro.

“It is usually done to incapacitate the company in the hopes that someone will pay up to get their business running again, not to steal data,” he said.

But if data is stolen, contractors must let their customers know, said Schmidt.

“Many do this via an announcement on social media and/or by emailing their saved contacts from their address book,” she said.

Of course, the best way to handle a ransomware attack is to prevent it in the first place. By regularly backing up data, training employees to strengthen passwords and delete suspicious emails, installing and regularly updating antivirus and anti-ransomware software, and creating a plan to prepare for an attack, contractors can keep their businesses and their reputations safe and secure.

Publication date: 1/14/2019

Want more HVAC industry news and information? Join The NEWS on Facebook, Twitter, and LinkedIn today!