Comment

Ransomware can cripple your business

KEN SHIRLEY, CEO, ROAD TRANSPORT FORUM NEW ZEALAND.

ALMOST EVERY 21st century business has become totally reliant on the integrity and functionality of its IT systems, so much so that we now take them for granted.

Trucking companies are no different. IT systems are fundamental to the daily operation of a modern transport and logistics business and without them the wheels would literally stop turning.

Unfortunately, the convenience, speed and ease-of-use of modern-day IT systems also carries significant risks.

Hacking, data theft and online piracy are occurrences that, due to their increasing frequency, have become part of our everyday lexicon, even if we don’t really know what they mean.

There also exists another threat that is just as pernicious and in many ways is far more disruptive to an organisation, and that is “ransomware”.

A few weeks ago, the Road Transport Forum suffered an extremely serious ransomware attack. It completely knocked out our entire computer system – files, emails, everything.

It took several days to resolve and cost quite a sum of money. Unfortunately, and somewhat against my better judgement, it also involved the fairly grubby business of actually paying the crooks off with the ransom. They say never negotiate with terrorists but in this instance we were left with little choice.

Ransomware is a type of malicious software that denies a user access to their files or computer system unless they pay a ransom.

It prevents you from using your computer by encrypting your files; the attacker then ransoms the decryption codes back to you.

The ransom, as in RTF’s case, is often not overly expensive, which encourages you to pay it. It is specifically designed to cost a lot less than completely rebuilding your computer system, which is what you would have to do if you refused to pay, and even then you might never recover historical records.

I have been told that there are around four ransomware attacks per minute worldwide. Small organisations are often considered convenient targets because they do not have the high levels of protection that can be afforded by large businesses.

According to New Zealand’s Computer Emergency Response Team (CERT NZ), which was set up by the Government in 2016, there is also a certain amount of risk in paying the ransom because it doesn’t mean that the decryption codes will work or that you will get your data back. It is fairly common for the attacker to simply take your money and leave your files encrypted.

Ransom is typically demanded in Bitcoin, which is pretty much untraceable, so to pay it you have to have a Bitcoin account or go through somebody that does. You also have to be comfortable with the fact that you are aiding and abetting criminal activity.

CERT NZ identifies two main types of ransomware. Crypto-ransomware, which is what RTF was attacked by, encrypts files and does not allow access to them until you pay the ransom and get the password to unlock the encryption from the attacker.

Lockscreen ransomware, on the other hand, works by locking your computer or your files. A message will appear telling you that you need to pay a ransom before you are allowed access. You won’t be able to remove the message or access your desktop or any of your files.

Ransomware can get into your computer in the same way that malware or a virus does, through visiting unsafe or suspicious websites, opening emails or files from someone you don’t know, or clicking on malicious links in social media such as dodgy Facebook posts.

In RTF’s case we believe it came in through a remote access portal used to externally administer our system.

To best protect your organisation, CERT NZ advises that you always update your operating system and make sure you back up your files regularly.

Install antivirus and anti-ransomware software on your system if you don’t already have it and keep it up-to-date. Install a firewall to stop traffic from untrustworthy sources getting into your computer and, finally, refrain from enabling macros in Microsoft Office.

For transport companies operating vehicle fleets, managing payroll, invoices and all the other administrative and accounting functions now done electronically, it is no exaggeration to say a ransomware attack could be devastating.

Familiarise yourself with the advice provided online by reputable organisations like CERT NZ and Netsafe, make sure you have good back-up systems, don’t open suspicious-looking emails or websites and invest in the best possible security software.

These measures, while certainly no guarantee that you won’t be targeted, will at least provide your organisation with the best possible chance of coming out the other end with your system intact.
