Flooring contractors are the most recent victims of the malicious software known as ransomware, which uses a computer virus to hold data hostage until a ransom is paid. While the scam has been around for years, this malware became front page news due to two major attacks based on a WannaCry variant in May and the Petra/Goldeneye worm in June, which was particularly destructive. The malicious code in these cases encrypted data on machines and demanded victims pay $300 to recover their data.
Ransomware, which is often transmitted by email or web pop-ups, has generally targeted blue-chip companies, academic institutions and hospitals, but more businesses—including those in the flooring industry—are becoming victims. The hack has become such a concern, in fact, that Bob Murdoch, vice president of M.E. Sabosik Associates, a flooring contractor in Point Pleasant, N.J., and chairman of Starnet’s Technology Committee, brought it to the attention of members at the group’s spring meeting.
“In 2015, ransomware was about 20% of all virus malware-type of hacks and in 2016 that number spiked to 66%,” Murdoch said. “It was a real growth area. We felt it was something we wanted to point out to folks. It took us aback when we had a chief financial officer meeting with 13 or 14 people in it and the question came up, ‘Did anyone get hit with ransomware?’ and we were shocked to see nine hands shoot up. It cost them anywhere from $10,000 to $20,000 to recover from it.”
Murdoch said what surprised him was that only one person had paid a $200 ransom. Everyone else said they were not going to pay, opting instead to use whatever backup system they had to get back on their feet. Building upon a security vulnerability in older operating systems that had not been properly updated with patches, the hackers hold data hostage until a company pays the ransom with Bitcoin cryptocurrency, through the mail or with Green Dot prepaid debit cards.
Rebuilding data and hard drives after such an attack can get expensive, especially for companies who have 10 or 20 computers on a system. It should be noted that most of the entry-point devices in recent hacks were computers/servers with 10-year+ old XP or Windows server operating systems or internet-connected devices, such as routers that still had the default manufacturer usernames and passwords on them, which allowed them to be easily breached by even the most novice hacker.
Thankfully, Murdoch said there are steps companies can take to reduce their chances of becoming a victim and recovering your data if you do get hit. Here are his recommendations:
A Strong Backup Strategy
The first step is to have a strong backup strategy, which enables a company to have the tools to get back on their feet after an attack occurs. “It is just about impossible to completely stop it, so what you’ve got to do is make sure you have lots of tools in place to cut down your vulnerability, and if they do get through the moat you’ve built, you have a way to get back on your feet afterwards,” Murdoch said.
There is a two-pronged strategy you can use for backing up your data: cloud-based and physical backup. Cloud based solutions are not a huge line item and will cost two figures a month for smaller networks and three figures for most large dealers, scaled to the number of devices using the software and how much data is backed up. Murdoch said common cloud data backup systems are Carbonite, CrashPlan, EyeDrive and SOS Online Backup. Cloud systems are not a huge line item and may cost around $200 per month, depending on how much data storage you need.
Murdoch recommends supplementing your cloud system with a physical strategy.
He recommends Western Digital My Passport Ultra portable hard drives as they are powered directly from a USB port and easily swappable as they copy data directly from the computer, server, or network from which they are attached.
“Just make sure you rotate them on a regular basis,” Murdoch said. “Some people do it daily; some do it once every couple of days. Just realize that if you get hit, how much data are you willing to re-key in? That will dictate how aggressive you need to be in swapping these things out and around.”
Also, don’t leave the drive attached to your system permanently. If your system gets attacked by ransomware, anything attached to that network is vulnerable, including the backup drive. Swap out the drives and store them in a safe place, preferably offsite, in case of theft or natural disaster.
“When we were hit with Hurricane Sandy, we didn’t have electricity for weeks, so a cloud backup wouldn’t have helped us in that situation,” Murdoch said.
Don’t Engage in Risky Online Behavior
There are a few simple rules to follow when working on the internet and with email:
Be careful about using public Wi-Fi networks. “One thing I warn people of—and we’re all guilty of this—when we travel somewhere and log on to free Wi-Fi at Starbucks or the airport, PLEASE don’t type in usernames and passwords to your virtual private networks on them,” Murdoch said. “This doesn’t apply if your data is encrypted on airport systems, such as Boingo Passpoint connections, but if you are just using the standard type of connections, you are vulnerable. Password protection isn’t enough, as they have keylogging programs that can easily get them from your unencrypted transmissions.”
Hackers will sit in public places with devices that can pull data off phones, tablets and computers. Once they get into your device, it may be possible for them to hack into office servers and wreak havoc.
Emails are one of most common ways for hackers to access your data. They can hack your address book, send a blast email to everyone in it that may say, “Hey, check out this great site I found,” and include a link to malware. People click on the links and voilà, hackers have access to your system.
“Most people in our industry have made a good habit of making sure emails have a signature at the bottom, which includes a name, company logo, contact information,” Murdoch said. “If someone gets an email that does not have that signature block of data, it is suspect.”
Murdoch suggests the best practice that all people have these signature fields filled out with contact information as nothing is more frustrating than looking for contact info at the bottom of an email and seeing nothing but ‘sent from my iPhone” on it. If everyone would use them, it would dramatically lower the threat as fake emails would be easily spotted, even if it came from a known email contact.
Another tip is to hover your mouse over the sender’s email address to ensure it’s coming from the correct sender. The email could be suspect if the address has a long URL and ends in a Russian (.ru), Ukraine (.ua), Korean (.kr) or Indian (.in) domain, which is commonly where these malware attacks originate.
Don’t click on links and pdf files willy-nilly. The majority of initial infections occur when you click on an attachment or link, triggering the code that starts disabling your anti-virus software, injecting the code into multiple places in your operating system, and then spreading to as many machines and peripherals as possible before it locks up all the affected systems and demands payment.
Have IT Help on Speed Dial
“When something like this comes up, I have the responsibility in my office of calling the IT guy,” Murdoch said. “Have one on speed dial that you can call—it’s probably the guy who helped build out your network and is advanced and experienced in helping businesses recover from these things.
Don’t hire the least expensive contractor, either. Murdoch recommends finding someone reliable and who has the experience necessary to get you out of the malware situation quickly and with the least amount of hassle.
Bottom line, business owners must determine the tradeoff between security and usability. “We can make things super tight like Fort Knox, but will people be banging their keyboards out of frustration?” Murdoch asked. “Then you have other people who hook up everything to the internet and it’s open season. The sweet spot is somewhere in between.”