Source

A ransomware attack can be a company’s worst nightmare. The company’s staff might arrive at work only to discover that they have no access to any systems, information, or software to do their jobs. In place of a normal sign-in screen on their workstations, they see a digital counter ticking off the minutes until everything is destroyed. The company can prevent that destruction only by paying a bitcoin ransom to an anonymous location, typically in under 24 hours. The urgency of the demand gives the company no choice but to make the payment.

Ransomware has been affecting computers since at least 1989, when the Aids Trojan or PC Cyborg virus was distributed among health care providers on floppy disks. Almost 30 years later, in May 2017, the WannaCry ransomware virus spread rapidly around the world to infect more than 200,000 systems in more than 100 countries. Several British hospitals and health care facilities were temporarily shut down while technicians dealt with this attack.

The WannaCry attack has been dubbed the worst ransomware attack in history. At least four other specific attacks or attack modalities have been elevated into the ransomware hall of infamy.

In 2016, the University of Calgary paid a bit more than $16,000 to recover email accounts and data that were held hostage by unknown attackers. The University justified the payment with an explanation that it did not want to interrupt or lose the work that many of its researchers had compiled over a long period of time.  This attack on an institution of learning reflects a recent trend on ransomware, in which educational institutions are becoming targets. Previously, medical and health centers were more frequently the victims of ransomware attacks, presumably because of the life-and-death nature of their health care services, which causes a greater sense of urgency to recover data and systems.

As evidence of the propensity of hospitals to suffer ransomware attacks, in 2016 the Hollywood Presbyterian Medical Center in Los Angeles was one of several hospitals in the United States that was hit by ransomware. The Center paid $17,000 to recover its systems and data. Other affected hospitals made similar payments.

Ransomware attacks are not limited to medical facilities and educational institutions. The financial services sector is also a frequent target of ransomware hackers. Although no specific attack on this sector stands out, in 2016 ransomware was the number one cyberattack mechanism seen by companies in the financial services industry. Cybersecurity experts estimate that companies in all industry sectors are seeing an average of 4,000 attempted ransomware attacks per day.

Ransomware attacks in 2016 and 2017 that were launched against libraries and other public institutions are fifth on the list of the worst ransomware attacks. Libraries in Missouri, Tennessee, and Ohio have all been targeted. The Pennsylvania Senate Democratic Caucus also saw its network servers frozen by ransomware.

Cybersecurity experts recommend strong backups and redundancies as the initial line of defense against a ransomware attack. Computers and workstations that are linked into an affected network need to be disconnected from all internet connections as soon as the attack becomes apparent. With good backups, those machines can be wiped clean and restored to their working state with no harm to critical data or software.

This process will inevitably be time-consuming and expensive, and few companies will have all the financial and other resources necessary to handle it. A cyber protection policy can be a critical factor in helping a company recover from a ransomware attack regardless of whether that company has these resources. In many cases, that insurance policy will reimburse a company for its direct losses and for any third-party liabilities that it may incur as a result of the attack. Without that reimbursement, a company can lose a substantial portion of its profits that will then need to be used to finance the recovery.