HR Jetpack

Ransomware

This video is premium content

Register or sign in to gain access.

Lesson Content

Ransomware is a specialized type of malware that is designed to infect a system, and then encrypt the user’s data. Once complete, the user is locked out of their own device until they pay a ransom to un-encrypt it. Typically, the attacker demands payment in Bitcoin or other digital currencies which are difficult for law enforcement to track, and allows these kinds of attacks to come from all over the globe.

On Black Friday in November of 2016, the San Francisco Municipal Transportation Agency was hit with a ransomware attack which crippled their payment terminals. This forced the city to allow service for free for a few days until the system could be restored. The terminals displayed the message “You Hacked, All Data Encrypted” along with a Yandex email account as a contact address. Yandex is a multinational tech company based in Russia, commonly used by cybercriminals looking to avoid the reach of western law enforcement. According to reports, the attacker was demanding 100 bitcoin which was roughly 73 thousand U.S. dollars at the time of attack to restore the infected systems. It took 2 days for the city to get back to normal operations and they would not say if they paid the ransom or not.

Perhaps the scariest part of scenarios like this is that the majority of businesses pay up! Each incident costs tens or hundreds of thousands of dollars. The perpetrators of these crimes have gotten so bold with their extortion method that some will even decrypt your data for free if you help them to infect 2 other people.

The fact that so many businesses pay up says a lot about the problems many organizations have with being able to restore their systems. Ideally, in a scenario like this, you would hope that you could restore the devices back to their functional state without losing any data. The organizations who do pay, also have no way of being certain that their data will be restored or that the attackers will not leak it on the internet anyway.

2016 saw a huge rise in Ransomware attacks for a number of reasons. It was a perfect storm of Bitcoin hitting all-time high trading values as a currency, combined with the reluctance so many organizations have had to move to cloud-based infrastructure for their data. Companies who run their own in-house servers and data centers are simply at a greater risk for infection than those running on leading cloud services providers who operate at a large enough scale to have strong cybersecurity measures in place.

2016 certainly served as a wakeup call. A recent survey found that more than 50 percent of IT staff see defending against emerging threats, such as Ransomware, as their number 1 priority for 2017.

As an HR Professional, it really isn’t your responsibility to manage and monitor your organization's defenses against this kind of attack. However, it is important on a personal and professional level that you are aware of the risks and take steps to make sure that an attacker cannot lock you out of accessing employee and company data. Professionally, it is also valuable to understand ransomware well enough to be able to work with your colleagues in management and IT who will be looking for ways to protect the organization from the threat. No company should ever find themselves in a position where they feel their only option is to pay a ransom.

Michael Wilson

Instructor:

Michael Wilson

Michael Wilson works with small businesses to build and protect their brands online. He is an IT Generalist whose primary services include: Web Design & Development, Cybersecurity Consulting & Training,...

Michael's Full Bio