Our ecosystem is not immune to ransomware. How to prevent it.

Billions of dollars are lost each year repairing systems hit by ransomware attacks, says the FBI. Amid the pandemic, ransomware continues to be a problem for businesses, including firms in the workforce solutions ecosystem, with a regular stream of news reports of organizations that have recently been attacked. Perpetrators include hackers seeking bragging rights, businesses hacking competitors, rings of criminals and others.

Such strikes encrypt data on machines and require users to pay the criminals to get a decryption key. The criminals can also threaten to make information public if they don’t get paid.

Ransomware is often loaded onto a machine when someone opens an attachment that appears legitimate, or when a message directs people to a legitimate-appearing website. In the past, ransomware attacks were often delivered by spam emails, but spam blockers have gotten better and criminals have turned to “spear phishing,” in which they target specific organizations.

Targets. Garmin was a recent high-profile target. Last month, malicious software encrypted its corporate network and Garmin reportedly paid a multimillion-dollar ransom demand, according to Sky News. Blackbaud — which provides software to nonprofits, foundations and religious organizations — discovered and stopped a ransomware attack in May, and the firm also paid a ransom.

Companies in the workforce solutions ecosystem have also come under attack. IT services firm Cognizant Technology Solutions Corp. said a ransomware attack announced in April would likely have an impact of $50 million to $70 million. Separately, The Register reported last month that IT staffing firm Collabera was hit with a ransomware attack this year, citing a memo that said the company was working with law enforcement and personal information was taken.

Preventing Ransomware. The FBI has several tips for preventing ransomware. It recommends against paying ransoms because paying does not necessarily mean users will get their data back. Criminals may not send a decryption key and they become emboldened to commit more ransomware attacks.

Determining if a machine has been attacked by ransomware before the files are encrypted can be difficult. But the FBI cited some telltale signs:

  • Your password not working. While this may be a temporary issue with an Internet connection or a requested website having technical issues, it could be an instance in which an attacker has hijacked your account and changed the password.
  • People receive emails or social media invites from you that you did not send.
  • You get a large number of pop-up ads.
  • You get fake antivirus messages.
  • You have unexplained online activity.
  • You have new browser toolbars, applications, or software which you do not recognize or didn’t install.

More information on telltale signs is available online.

Craig Johnson

Craig Johnson is senior editorial director at Staffing Industry Analysts. He can be reached at cjohnson (at) staffingindustry (dot) com.
