Everyone is familiar with, or has heard of, ransomware. It has been around in some fashion since 1989, with notable resurgences in 2005 and 2013. The original idea was to extort money from the victims by gaining access to their systems and encrypting the data. These hacks were not considered by many to be data breaches, as the data wasn’t taken or stolen; it was encrypted and made unavailable. However, the argument could be made that they were breaches, as the owner no longer had control over, or access to, the data.
New Age Ransomware Data Breaches
In more recent years, ransomware and the way it is used have changed. Once it gains access to a system, it still encrypts the data. Before it does, however, it can extract the data from the victim’s systems to the hacker’s systems, causing a data breach. The victim has a lot more at stake now. Before, when the data wasn’t stolen, the victim was not required to disclose that they had been a victim of ransomware, which let them avoid damage to their reputation. They may have suffered a financial loss to recover access to their data, but they weren’t necessarily losing any business and they didn’t lose their information.
Now though, you may have a data breach on your hands, and the hacker has more leverage. The hacker can pressure the victim to pay a ransom in order to recover, or decrypt, their data; but the hacker can also now use any financial information, employee personal information and/or customer details they have extracted to spear phish any partners, customers or employees of the victim company. Or the hacker can blackmail the victim, threatening to leak the information if the ransom isn’t paid. There are some hackers that will threaten to post the victim company’s name on a website, indicating that they refused to pay the ransom, and they will follow through.
Steps To Preventing A Ransomware Data Breach
Can your company afford to be a victim of ransomware today, as a data breach? If your company loses its reputation and is unable to safeguard your sensitive information, how long will your company survive?
There are steps you can take as precautions to limit any potential damage.
- Start with keeping your hardware and software systems up to date and applying security patches. A lot of malware takes advantage of known security vulnerabilities in Microsoft operating systems, for which Microsoft releases security patches. If your operating system, hardware or the software you use is no longer under support, you are no longer receiving security patches and are vulnerable.
- On your computers, disable any unnecessary ports, especially remote ports, to keep ransomware from being able to access the system. If hackers are unable to get in, they can’t take or encrypt your data.
- Schedule regular backups of your data. Have multiple copies of your backups, at least one of which should be off-line to be safe from hackers and be available to restore from if needed.
- Enforce multi-factor authentication (MFA) for your users. Their accounts, and your data, will be much safer when MFA is enforced, because it is much more difficult for hackers to break through. Even if the hacker manages to figure out the user’s password, he (or she) won’t have that second authentication factor and won’t be able to use that vector for gaining access to your systems.
- Have a plan for what to do in the event your data and systems are compromised. Your plan should be detailed, tested and updated regularly, and practiced. It should include any notifications that may need to be sent in the event of an incident, whether that be internal or external, to employees, managers, board members or customers. Your plan should also include regular security training for your employees so they will be better equipped to respond to social engineering and phishing attempts they may encounter.
Recognizing the danger is the first step to protecting your company from it. Planning for it is what can protect you.