Computer viruses can cost organizations. But ransomware can cost them in more than one way

Brett Johnson//May 8, 2017

Scarcely a day goes by that hackers escape the news — that’s the reason Jim Kirkos gave for his Meadowlands Regional Chamber of Commerce planning a summit last month to discuss the threat of cyberattacks.

Kirkos couldn’t have known how right he was.

It didn’t take long at all after the organization’s event at Montclair State University for another attack to make the news — and very close to home.

Computers in the city of Newark were infected with a disabling virus April 21, which brought devices offline and reportedly made them hostage to a hacker who demanded ransom in the form of a virtually non-traceable currency.

The high-profile attack is under investigation by federal and state law enforcement authorities, who have instructed the city not to disclose details potentially compromising that investigation, according to Newark spokesman Frank Baraff.

What Baraff was able to say was that a virus affecting the city caused “some services” to be disrupted. Many computers were again operational as of the following week, and the city’s information technology department was at that time working to bring the rest back online.

Media reports described a ransomware attack that encrypted the city’s computer files, which were to be locked until a private key was provided by the hacker. Baraff himself said he could “neither confirm nor deny” details reported about this incident.

Regardless of the particulars, Edward Greene of Comodo, which works with several state and local agencies in offering cybersecurity products, said this type of virus is becoming an increasingly common mode of attack across the board.

“Depending on who you talk to, the amount of ransomware attacks increased 6,000 percent from 2015 to 2016,” he said. “With (that) increase, there has also been a 600 percent increase in different types of ransomware in use. So, the bad actors are getting more active and also more creative.”

Trying transparency

Michelle Schaap, a member of Chiesa Shahinian & Giantomasi P.C. who has a specialty in cybersecurity, said there’s a major discrepancy in how disclosures about cybersecurity breaches take place.

For instance, Chipotle had a recent data breach that it let the public know about within about a week.

“It was one of the fastest disclosures I’ve ever seen,” she said. “And you know what, I think that’s very smart.”

On the other hand, she said, a company like Yahoo experienced a significant breach that wasn’t disclosed until years later.

Schaap prefers the more transparent approach.

“But they didn’t decide to do that in a vacuum — they spoke to their (public relations) people and had a plan,” she said. “Businesses need to have a disclosure plan in place. If on the day you’ve been breached you’re talking about a plan, then you don’t have one.”

Getting exact data on this is not easy, Greene said, because many institutions are not inclined to disclose information about these breaches.

Greene explained that, at least half of the time, ransomware infects a user’s computer through simple email links or attachments.

“The unfortunate truth is that most of this happens through user error,” said Greene, a vice president of sales at the cybersecurity company.

Comodo, along with its international business, works with several state and local entities in implementing defense platforms that, in a sense, comb through emails to look for potential executables that may have malicious intent.

Once the virus takes hold on a computer, it can leap to other machines and continue to infect devices until it is isolated. Isolating the virus is the first goal in beating back these attacks, Greene said.

In the recent Newark case, it was reported that a hacker demanded 24 bitcoins, or about $30,000, to have the data on the infected machines unlocked.

Greene said the use of digital assets, or cryptocurrency, such as Bitcoin is typical of these attacks. It has coincided with the rise in the value of an individual bitcoin, which is now worth more than $1,250 per unit.

“Some pay it because they feel they have to, others don’t,” Greene said about the Bitcoin ransom asked of hack targets. “Either way, you should have a response plan in place.”

Kirkos said that’s exactly what he looked to do at his chamber after hearing of the Newark breach.

“I immediately called our outside IT provider and said, ‘Let’s talk about this — where are we vulnerable?’” he said. “He showed me his protocol. … We’re doing what we can, even if it’s always possible for someone to open a bad email.”

Having a response plan — and being aware of the cracks in plans already established — is something Kirkos advocates for, especially in this time of escalating ransomware attacks.

“We think about it like this: If someone were to infiltrate your system and hold it hostage with ransomware and you were down for a week — what would it do to your business?” he said. “These are the sorts of questions you have to ask yourself.

“Because with how often these attacks occur, sooner or later it’s bound to happen to you, too.”

Dark web entrepreneurs

Like it or not, “entrepreneurial” can be a fitting descriptor for a hacker.

The booming industry on the dark web, a part of the internet accessible only by certain means, now features ransomware service models that sell any would-be cybercriminal the latest hacking tools in an easy-to-use format.

And ransomware itself is bringing in $1 billion in income to cybercriminals this year, according to FBI estimates.

“There are dark web entrepreneurs that go into the business of perpetrating ransomware and do that for their livelihood,” said Jim Kirkos, CEO and president of Meadowlands Regional Chamber of Commerce.