Colonial Pipeline, which operates the largest fuel pipeline in the United States, found themselves the target of a ransomware attack by a group called Darkside, who broke into their infrastructure because of a single compromised password. For the first time in its 57-year history, Colonial shut down the entire pipeline, resulting in gasoline shortages, long gas lines, and higher fuel prices. During the attack, the hackers stole almost 100 GB of data, threatening to leak it if the ransom wasn’t paid. Colonial wound up paying $4.4 million, some of which was eventually recovered by the US Department of Justice. 1
That’s only one example of the effects of ransomware on a business. What could happen if your computers were infected with ransomware?
You Could Lose Your Data
The most obvious concern is that your business could lose data and computing resources. Ransomware often disables workstations permanently, infects servers, and can even damage devices that control equipment such as electrical distribution stations and pumps. Worse yet, there’s no guarantee that your infrastructure will be restored should you pay the ransom.
Your Data Might be Auctioned to Competitors
Ransomware often transmits any data that it finds, such as SQL or Oracle databases, Excel spreadsheets, Access databases, Word documents, and so forth, to hackers. For businesses, this data often includes confidential information that would be very useful to competitors. If your systems are infected, the criminals may demand payment, or they will sell your data to the highest bidder.
Your Data Could be Put on the Web
To make it even more likely that you’ll pay the ransom, the hackers often threaten to release your data to the public. Your confidential information could be made available on websites or the dark web. The hackers may auction it off to the highest bidder or they may sell parts of your database to anyone who will pay their price. They may do this regardless if you pay the ransom or not.
Executives and Employees may be Blackmailed
It’s not uncommon to find personal or business data on workstations, laptops, and mobile devices. Sometimes this information is merely embarrassing and in other cases, the data may be criminal in nature. Skillful hackers will often uncover embarrassing information. In this case, they can blackmail individuals or even the entire business to prevent its release.
Thieves can find out and use Personal Information
By sifting through your systems, hackers can find personal data such as credit card and Social Security card numbers, addresses, phone numbers, images of passports and licenses, and many other kinds of information. They can then sell this personal data in the dark web to any interested parties.
What can you do?
The situation is not hopeless. Your business can act to prevent or reduce the impact of ransomware, including:
● Install up-to-date anti-malware applications on every workstation.
● Train users about how to avoid clicking on phishing links and other security practices.
● Encrypt databases and files.
● Discuss cyber protection policies with your insurance broker.
● To mitigate any potential damage, ensure your backup strategy is sound, tested, and complete. It is important to use the 3-2-1 backup strategy.
Treat the threat of cyberattacks, including ransomware, seriously. Practice good security throughout your business to prevent, or at least minimize, the impact of cyberattacks.