A cyber security expert answers your ransomware questions
Ransomware has been all over the news lately. This particular type of cyber attack has become increasingly visible, and has been blamed for everything from higher gas prices to internet outages. But what is ransomware? Who is vulnerable? And most importantly, how can you protect your small business from the havoc it can wreak?
Last year, we sat down with Meghan Hannes, then Head of Cyber and Tech E&O for Hiscox USA. Meghan has been underwriting and managing cyber security and privacy-related risk since 2004. She is a noted author, speaker, and award-winning product head in the cyber insurance space. Here’s what she had to say.
Q: What is ransomware?
Ransomware is a piece of software (or, more specifically, code) that takes control of a victim's computer, making it unusable, sometimes called ‘bricking’ the system. A ransom is then demanded to unlock your computer so you can get back to work.
Q: How does ransomware get on my computer?
In the majority of cases, it’s through phishing. We know from the Hiscox Cyber Readiness Report 2021 that 60% of all ransomware events result from a phishing email. It can be targeted, or it can be what’s called ‘spray and pray,’ where hackers just try a bunch of emails to see where they can infiltrate.
Q: Who are these ransomware hackers?
Hackers can be sole practitioners or part of a larger ransomware ‘gang.’ These gangs operate like any other business, except they work for nefarious purposes. They have office hours, vacation schedules and payrolls, just like any other business.
They will also sell ‘ransomware as a service’ software for profit, which enables less sophisticated hackers to get into the ransomware mix. In many cases, these gangs will have thousands – or millions – of dollars in profits to invest back into their operations, which means attacks are likely to continue to increase in frequency and sophistication, as long as there is money to be made.
Q: But hackers want big money. So they’re not going to bother with a small business like mine, right?
Size is relative. If you rely on a supply chain, if you have customers, if you're going to be in any sort of pain because your computer system is down, you should be aware of the risk and take steps to defend against ransomware.
Q: What should I do if I get a ransomware demand?
That’s a really good question, because there are a lot of factors in that decision. First, you don’t know what kind of hacker you have. Once you are hacked, a few different things can happen.
You may get a ransomware demand, and decide to pay the ransom. But the hacker is kind of a novice, and they don’t know how to decrypt your data. So you’ve paid the money but you still don’t have your data back. Or, you pay the money, but, since there’s no honor among thieves, the hacker just takes your money and runs, and your data is still encrypted. Or they publicize the fact that you were hacked, and now you’ve got to worry about potential reputational damage on top of it.
As soon as you realize you’ve been compromised, reach out to your cyber insurance carrier if you have one. You really want to bring in a professional if you get a ransomware demand. That’s where a specialty company with experience comes in. We have partners who do this day in and day out. They know the attack patterns, language – even the common spelling errors in demand notices – of these different gangs. This lets them quickly determine who the attacking gang may be, and what their experience level may be. That information will give a really good indication of whether a ransom demand should be considered.
The response, recovery and restoration process is bespoke to every single company. There is absolutely no one-size-fits-all approach here. And that’s why, if all else is left out of the equation, you want to be able to call an expert if this happens to you. If you can call in a forensics vendor, they can sift through the backups to determine what systems are affected and who might be behind it.
Q: As a small business owner, what can I do to protect myself?
There are a few ways that ransomware gets in, but the overwhelming majority of it is phishing, exposed RDP (remote desktop protocol), and brute force attacks. So, let’s look at each of those three and see how you can protect yourself.
- Phishing succeeds because of human error. The hacker sends an email that looks legitimate but there’s a link in it that, when clicked, releases malware onto your computer. The way to protect yourself here is to educate your employees. If it looks like a phish, and it smells like a phish, it’s probably a phish, meaning it’s a bad email. So know what a malicious email looks like, and train your staff to recognize one as well.
- Never expose RDP to the internet, and consider an extra layer of defense like a VPN (Virtual Private Network).
- A brute force attack is when malicious code will just try different combinations of usernames and passwords until it finds one that works. In addition to requiring two-factor authentication, there are software defenses you can put on your system that can thwart a brute force attack.
You also need to have electronic backups for important systems, and make sure you can get them up and running in a reasonable amount of time.
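The "software defenses" mentioned above for brute force attacks are, at their core, a counter: too many failed logons from one source in a short window, and that source is blocked. The script below is an added example written for this page, not code from Hiscox or from the interview; it implements that logic over constructed log lines in a made-up format (timestamp, result, user, source IP). It detects two patterns: classic brute force (many failures against one account from one IP) and password spraying (one IP trying a few guesses against many accounts, which stays under a per-account lockout threshold). Real sources for the same signal are Windows Security event ID 4625 (failed logon, including RDP) or `/var/log/auth.log` on Linux; the thresholds and window are assumptions and should be tuned to your environment.

```python
"""Sliding-window detection of brute-force and password-spraying logons.

Added example (not from the interview or Hiscox): a minimal version of the
lockout logic that tools such as fail2ban or a Windows account-lockout policy
apply. The log format below is invented for this demo.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data):
#   "<ISO timestamp> <FAIL|OK> user=<name> src=<ip>"
SAMPLE_LOG = """\
2024-05-01T09:00:01 FAIL user=alice src=203.0.113.7
2024-05-01T09:00:03 FAIL user=alice src=203.0.113.7
2024-05-01T09:00:04 FAIL user=alice src=203.0.113.7
2024-05-01T09:00:06 FAIL user=alice src=203.0.113.7
2024-05-01T09:00:07 FAIL user=alice src=203.0.113.7
2024-05-01T09:00:09 OK   user=alice src=203.0.113.7
2024-05-01T09:05:00 FAIL user=bob   src=198.51.100.2
2024-05-01T09:20:00 FAIL user=bob   src=198.51.100.2
2024-05-01T09:35:00 FAIL user=bob   src=198.51.100.2
2024-05-01T10:00:00 FAIL user=admin src=192.0.2.10
2024-05-01T10:00:01 FAIL user=sales src=192.0.2.10
2024-05-01T10:00:02 FAIL user=hr    src=192.0.2.10
2024-05-01T10:00:03 FAIL user=ceo   src=192.0.2.10
2024-05-01T10:30:00 OK   user=carol src=10.0.0.5
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, result, user, src)."""
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], src.split("=", 1)[1])


def detect(log_text, max_failures=5, window=timedelta(minutes=10), spray_users=3):
    """Return alerts as (kind, src, detail, time) tuples.

    kind is one of:
      brute-force           max_failures failures from src inside window
      password-spray        failures against spray_users distinct users from src
      attempt-while-blocked any logon (failed OR successful) from a blocked src;
                            a success here is the case that matters most
    Thresholds are assumptions for the demo, not recommended values.
    """
    alerts = []
    fails_by_src = defaultdict(deque)   # src -> timestamps of recent failures
    users_by_src = defaultdict(dict)    # src -> {user: time of last failure}
    blocked = set()

    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, result, user, src = parse_line(raw)

        if src in blocked:
            alerts.append(("attempt-while-blocked", src, user, ts))
            continue
        if result != "FAIL":
            continue  # a success does not reset the failure counter

        # Per-source failure counter over a sliding time window.
        q = fails_by_src[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= max_failures:
            alerts.append(("brute-force", src, user, q[0]))
            blocked.add(src)
            continue

        # Distinct-user counter: catches "one guess per account" spraying.
        users = users_by_src[src]
        users[user] = ts
        for stale in [u for u, t in users.items() if ts - t > window]:
            del users[stale]
        if len(users) >= spray_users:
            alerts.append(("password-spray", src, len(users), ts))
            blocked.add(src)

    return alerts


if __name__ == "__main__":
    for kind, src, detail, when in detect(SAMPLE_LOG):
        print(f"{when.isoformat()}  {kind:<22} src={src} {detail}")
```

Note what the sample deliberately shows: the source 198.51.100.2 makes three failed attempts fifteen minutes apart and never trips the ten-minute window, which is exactly why the interview pairs lockout-style defenses with two-factor authentication rather than relying on either alone. Widening the window (for example, `detect(SAMPLE_LOG, max_failures=3, window=timedelta(hours=1))`) does catch it, at the cost of more false positives from users who genuinely forget passwords.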
Q: How does having cyber insurance help?
It helps in a lot of ways. First, with Hiscox cyber policies, you get access to CyberClear Academy, which is a suite of tools that helps you train your employees on how to avoid an attack in the first place. This is self-paced training that helps you keep your company safe. Next, all Hiscox cyber insurance policyholders have access to Paladin Shield, an AI-powered ransomware solution that reduces phishing susceptibility by 64%. It includes email security, network defense, threat monitoring and more.
Plus, in the event of an attack, you have access to a team of first responder specialists who are available to Hiscox policyholders 24/7. It may be your company’s first cyber-attack, but these experts have seen and experienced it all, and they know just what to do to limit the damage.
Of course, Hiscox insurance also covers the costs of recovering your data and notifying any affected parties. It can also cover business interruption, or the cost of not being able to operate your business for however long it takes to resolve the situation.
The bottom line is that ransomware gangs remain a viable business model, and one that can do harm to your business. So you need to protect yourself, and having comprehensive cyber security insurance is the best way to do that.
For more information on cyber security, or to get a quote for cyber insurance for your business, visit Hiscox’s cyber page.