If your small business has been on the wrong end of a ransomware attack, you know this: losing access to your computer system is panic-inducing. These days, everything is there: your payroll, your email accounts, inventory, sales records. Everything.
It’s too easy for hackers — just a few clicks after any browser search can get you to a site where you can download malware. A little online research will teach you how to infest someone’s computer system.
Once you learn that, it might occur to you, if you’ve a nasty streak, to attach ransomware there, just to see if you can get away with it.
Then, to cover your tracks, you’d have to learn about cybercurrency, which is difficult to trace. No problem. Spark up your browser again.
We wouldn’t encourage anyone to do any of this, but then again, those who do don’t need any encouragement. They’re just the people we used to call thieves.
You will likely conclude in short order that you have no choice but to pay up, and that means paying a criminal hiding behind internet anonymity thousands of dollars. It’s galling.
Take it from Mike MacGillivray, general manager of Tony’s Meats in Antigonish, N.S., who arrived for work one day in May and couldn’t log in. When he tried he was greeted by a message warning that his files had been encrypted, and gave him an email address to respond to if he wanted access.
You will likely conclude in short order that you have no choice but to pay up, and that means paying a criminal hiding behind internet anonymity thousands of dollars. It’s galling.
The hackers demanded $14,000 in bitcoin, and MacGillivray felt he had to pay. Fortunately, insurance covered most of the cost, but it was a hassle and even though he had taken security measures, the hackers were able to find a way in.
Similar attacks have been directed at municipal offices in the Ontario towns of Stratford, Wasaga Beach and Midland. The University of Calgary had to pay $20,000 to ransomware hackers in 2016, but that’s nothing compared to what Baltimore is facing. That United States city is recovering from an attack that could eventually cost them $18 million to sort out.
The threat to small businesses is growing. The Canadian Centre for Cyber Security says 19 per cent of Canadians who owned a “.ca” domain were hit by a ransomware attack just in the three months from November 2017 to January 2018.
Canadian Underwriter, an insurance industry newsletter, says this type of attack represented about one-third of all cyber-related insurance claims in 2018, a nine per cent increase from 2017. And they say small businesses are more at risk because their security is likely easier to penetrate.
Const. Byron Mercer of the RCMP’s digital forensics service in Halifax says businesses should protect themselves by staying up-to-date on firewall and antivirus programs and by having good backup systems. Good advice for all of us.