The Business of Business
A Hostage Situation: Are You A Victim or Hero? By Ryan Rindlisbacher
W
hen one thinks of being held hostage or having a ransom demanded for the safe return of some person or valuables, it typically involves some intimate setting. The police are going to follow the suitcase full of unmarked bills and arrest the perpetrators when they attempt to retrieve it; or some government agency sets up camp in your living room waiting for the phone to ring so they can trace the call and locate the criminals across town. All that goes out the window when it comes to ransomware. In the case of ransomware, the cyber bad guys are not down the road watching your home or business with binoculars, in fact they do not even know who you are. They do not contact you by phone or even email, but you are held ransom. Someone has taken control of your files, often very important and personal files, and there appears to be very little you can do about it. Pictures of a child’s wedding, tax records, customer lists, financial records—all being held trying to motivate you to pay up or live with the files being permanently gone. One technological advancement that has empowered ransomware to flourish is the invention of Bitcoin. It used to be quite difficult for ransomware creators to collect their bounty. They were forced to have people mail them prepaid visa cards or gift cards. This caused a lot of latency between being infected and getting your data back, assuming you were willing to pay. But around 2008, when Bitcoin was coming into its own, that all changed. The anonymity and speed of Bitcoin transfers make it the perfect method of payment for ransomware thieves. As attacks increase, we are seeing more and more government regulations on Bitcoin, with ransomware as the justification. Bitcoin’s role in ransomware could prove to be detrimental to its anonymous model. Ransomware is the nastiest (and most lucrative) form of “malicious software,” better known by its contracted name: malware. The
18 | DECEMBER.19
people creating malware are well funded. Just one ransomware campaign yielded $325 million USD [1]. The FBI estimates that ransomware generated $209,000,000 USD in the first three months of 2016 and is now over a one-billion-dollar a year crime. With these potential profits, ransomware is not going away. A survey published last year indicates that cyber-attacks are growing in frequency. With an increase of 40 percent year over year 2. The survey continued with an astounding 80 percent of executives and cybersecurity experts reporting they had experienced some kind of cybersecurity breach in the past. Can you imagine the public outrage if 80 percent of Americans had been broken into or burglarized! Living in that kind of fear is unfathomable. With over 4,000+ attacks per day, or just under 1.5 million attacks per year in the United States alone, it is not a question of if you will be attacked, but when…but luckily you get to decide how badly it will affect you. THEY’VE GOT THEIR EYE ON YOU Running a small business is difficult. Finding the right employees, creating and expanding brand recognition and trying to keep costs down are just a few of the
challenges. Often small businesses lack the knowledge, the funds and the manpower to adequately protect themselves against the inundation of malware. Throw on cyberattacks that can sneak up and threaten the solvency of a business without any warning, and a profitable year suddenly becomes painful and embarrassing as you try to explain to customers why you lost your company’s history. With large firms struggling to stay ahead of cyber criminals and e-extortionists, it should come as no surprise that small businesses are falling prey to their shenanigans. In fact, 43 percent of cyberattacks specifically target small businesses2. Large companies and even the United States federal government, with their almost limitless means and resources are struggling to find answers to thwart off malware. Therefore, it is impractical to expect small businesses to be able to adequately defend themselves against such attacks. Microsoft and other operating system designers have tried to enhance security to slow down or stop this barrage and have had varying levels of success. Thus far, there has been no silver bullet. With 89.4 percent of America’s companies being classified as small businesses3, nearly 90 percent of the businesses that drive the U.S. economy are
