Ransomware Viruses are Viruses that completely encrypt or lock all the files on your Business computer in seconds, accounts, documents, pictures, outlook email attachments, client contact lists, Excel Spreadsheets, bookkeeping and payroll software databases. Hackers that gain access to your company network can install Ransomware on the network server or individual PC’s and spread via network shares between computers.
We frequently come across cases of complete negligence during our audit process of Businesses that have a DIY attitude to IT Security where the company “IT expert” or staff member have exaggerated there ability and is the designated in-house IT “Expert” that in most cases have zero experience or any qualifications in Network or Computer Security but are known to be “Good with computers” within the company.
Some of the recent Ransomware and Business computer hacking cases have included direct targeting of professional Businesses such as Law firms, Accountants, Estate Agency’s, Financial Advisor’s and Architectural firms and other similar professional organisations. Many Businesses have out-dated non operational Backup systems that appear to be functioning but are not being regularly verified by a professional. One of the Hackers favorite tricks once a company network is breached is to actually disable firewalls and covertly delete ALL Backup’s on the company’s Backup systems over a period of weeks or months before finally launching a full scale attack and Ransonware installation to force the company to pay the Ransom which can range from $1000-$100,000 depending on the amount of bitcoin requested and the current Bitcoin price which has increased from $1000 per Bitcoin a few years ago to the current price of around $19,734 per Bitcoin.
Frequently many Businesses pay the Ransom and hope that the criminal’s will take the time to restore all the Data back on to the company computers over a period of weeks or months which is highly unlikely. There is a stigma attached with admitting that a company did not have proper security systems in place to protect their own Data and their client’s Data so they pay up and don’t ever talk about it for fear of loss of faith, damage to the company’s reputation and a sense of embarrassment within the local Business community. New Australian laws now state that companies have to report security breaches and a ransomware breach qualifies for that reporting to ASIC etc.
Check your security, check your backups regularly (do a test restore with your IT people and ask them to prove the restore), change your and your employees mindset and be aware at all times.