In Episode 4 of ARC’s TravelConnect Virtual Series, Andrei Barysevich, CEO and Co-Founder of Gemini Advisory, offered step-by-step advice on what to do in case of a ransomware attack, in an interview with ARC’s Director of Marketing Strategy, Content and Brand, Peter Kane.
“Any business can be attacked easily,” Barysevich said. “Ransomware is, frankly, the number-one threat right now for a business.”
Barysevich defines ransomware as a fraud tactic to extort money from a business owner, wherein a fraudster gains access to, and encrypts, a computer system, preventing the user from being able to access their files or data.
Not only is this an issue for a company’s productivity and operations, but it can also have a tremendous impact on data security. Barysevich described how hackers may threaten to make sensitive, stolen data public, or make it available for other fraudsters to purchase on the dark web. For companies handling sensitive customer information (such as financial, medical or other personal data), this can be devastating.
“We hear a lot about large, multinational businesses being hit with ransomware,” Barysevich noted. “But for every enterprise-level business, there are thousands of smaller-level businesses that are being hit by fraudsters and hackers daily.”
How can companies of all sizes protect themselves from a ransomware attack? Barysevich offered five tips.
Plan ahead. Think about what you would do if your systems were impacted by a ransomware attack. If you’re lucky, Barysevich said, you can solicit help from a nonprofit specializing in system decryption. Some companies may have no choice but to pay the ransom to restore their data. “I’m against paying the ransom,” Barysevich said. “I say, ‘Do not pay criminals,’ because everybody knows that, by paying criminals, you incentivize criminals to do more attacks later on… If you can — if there’s the slightest chance that you can erase your entire system and start from scratch — maybe it’s going to take you two weeks to get all the records back from the paper copies… I always say, do that. Don’t pay the criminals.”
If necessary, make a strategy to purchase bitcoins. If you expect that your organization would need to pay the ransom for an attack, determine how you will purchase bitcoins, which is the only currency that fraudsters accept. Purchasing a high value of bitcoins can be complex and takes time. “Open an account ahead of time. Buy some bitcoins ahead of time,” Barysevich said. “It’s very important to understand how you’re going to purchase bitcoins.”
Every day, make an encrypted backup on a hard drive that is disconnected from your system. If your computer is infected, and your hard drive is connected to your computer, your backup will also become infected, Barysevich said. It’s important that the backup is disconnected to ensure it remains secure.
Use cloud-based storage services and an antivirus program. Barysevich recommended platforms that securely store data on the cloud rather than on a local computer system. “If you store all your information online, your data will be protected. As long as you keep your system… clean without having to keep all the sensitive information locally, you will be okay. You can easily restart your system from scratch, and you’ll be just fine.” In terms of antivirus software, Barysevich notes that even the free version of an antivirus program is better than nothing.
Apply basic security hygiene. “If you’re a team of one, train yourself. If you have a team of people, train your people,” Barysevich said. Teach people to exercise caution in the files they open. Microsoft Word, Excel and PowerPoint files are especially vulnerable. If a file prompts you to run macros, do not open it. If it appears that it could be a legitimate file, confirm with the sender via a phone call or text message; it’s possible that the sender’s computer has been infected and sent emails to all the sender’s contacts, Barysevich notes.