T
TECHNOLOGY ISSUE
Ransomware: What Every Restaurant and Lodging Business Must Know By AL SAIKALI CHAIR, PRIVACY & DATA SECURITY PRACTICE SHOOK, HARDY & BACON, LLP
R
ansomware attacks have sucked billions of dollars from American companies. Not just in ransoms paid, but also in lost revenue, the costs incurred restoring systems and investigating the incident, and the cost of class-action lawsuits that have followed when customer/ employee personal information is impacted. This article addresses some of the most common questions about ransomware and provides suggestions on ways to mitigate that risk.
What Is a Ransomware Attack? Ransomware is a form of malware that encrypts (locks) your data and prevents access unless you unlock the data with a decryption key. There are three stages to a ransomware attack. In the first stage, the threat actor (“the bad guy”) exploits an existing weakness (vulnerability) in your network. This 36
WINTER 2022
vulnerability could be an open remote desktop protocol port, an employee who clicks on a phishing link or unpatched software for an application or server/ firewall. This stage gives the threat actor a foothold in your organization. In the second stage of the attack, the threat actor performs reconnaissance in your network to identify and often exfiltrate/steal your data. In the third stage, the threat actor deploys the ransomware that begins encrypting your files. Without effective monitoring tools, all you will see is the end result when you turn on your computer, cannot access files because they’re encrypted and find a ransom note threatening to release the stolen data on the dark web unless you pay a ransom. The analogy I like to give clients is to imagine if you were to leave your house for the weekend but your front door
and a couple of windows are unlocked. Those unlocked doors/windows are your vulnerabilities. A burglar will test your doors and windows until he finds an unlocked one and uses it to access your house (i.e., exploit your vulnerability). Once inside, he will perform reconnaissance — looking around your house to find where your valuable items are hidden — and he will steal (exfiltrate) some of your items in the process. Imagine if, before the burglar leaves your house, he goes around changing all the locks so you can no longer access your house. When you return home you realize your key doesn’t work anymore. You see a note on your front door that says, “If you want to re-enter your house you must pay me $5,000,000 in Bitcoin; and I stole your valuable/sensitive items, so unless you pay me in the next 72 hours, I will sell everything I stole on the dark web.” That is essentially a ransomware attack. FLORIDA RESTAUR ANT & LOD GING A S SO CIATION
