The Dangers of Ransomware Attacks
As the first wave of ransomware attacks spread across the globe in early May, the media breathlessly reported on the brewing crisis as governments, corporations and everyday people wondered if and when it would affect them.
According to the New York Times, the ransomware was the same as leaked by Shadow Brokers, a hacking group which leaked stolen NSA hacking tools. The first attacks targeted groups that don’t have updated malware software on their computers and were able to exploit this problem.
The ransomware, a program called WannaCry, was used to encrypt computer systems in 99 countries. This program basically makes computer contents inaccessible, encrypting files and making it impossible to access records. Although the first wave targeted larger vulnerable systems, if the ransom demands are successful, small businesses and corporations could easily become the next victims.
For small businesses, the best way to protect your company information and records is to ensure your malware protection is up-to-date. Although it isn’t one hundred percent foolproof, keeping your computer systems updated will prevent the current versions of WannaCry from disrupting your business and causing the following problems:
Loss of information
WannaCry is designed to hold information of a computer system for ransom. Users are not able to access the information until the malicious program is removed. Information is – supposedly – not lost if the ransom is paid, but slight changes to the programming code can render information unusable.
Loss of business
It’s a rare company that doesn’t use computers to conduct most their business in this day and age. All computer systems without updates are at risk. No matter how small your business, the ransoms – most of them relatively insignificant amounts – must be paid before you can access your files.
Loss of confidence in the government
Although difficult to quantify, the information being released about the origins of WannaCry has created a discussion about the culpability the United States government has in this situation. WannaCry was leaked from the NSA which suggests that the government had a hand in its development. Granted the US government is not behind the ransomware attacks, but it is responsible for the program leaking in the first place.
Although the companies and organizations attacked by WannaCry are not advertising what they have done to regain the use of their files, there really isn’t much that can be done. The price to unlock your system doubled after three days and at the end of the week, if the ransom was not paid, the encrypted information would be deleted.
The attack as widespread as it was, could have been worse. There have been numerous malware attacks in the last few years and they are becoming more sophisticated. Keeping your computer systems current with the newest security updates is the best way to keep your business safe from malware attacks.
The possibility of litigation from lost or stolen data cannot be discounted. Personal injury lawyers see this as a bigger potential problem than the 2014 Yahoo data breach that was exposed in 2016.
“The Yahoo breach potentially affected 500 million users but that stolen information was used for identity theft purposes. There was a breach, but Yahoo was responsible for security. WannaCry is a direct crime against computer users. When the responsible parties are identified, you can imagine the lawsuits that will follow.”
The biggest challenge might be discovering who is ultimately responsible and liable for the attack.