As a Wall Street Journal blog reported, ransomware has exploded, the attacks more sophisticated as hackers are encouraged by the percentage of victim who pay the ransom. Insurance underwriter Beazley released a report last Thursday in which it said ransomware attacks will be four times higher in 2016 than last year.
Sadly, hackers don't need technical expertise because they can easily buy a ransomware kit and put it to use.
Companies that are victims of these attacks aren't given a pass by the authorities. They still may have to report such incidents to regulators and may have to issue data breach notifications, even if no data are removed, said Lisa Sotto, a partner at law firm Hunton & Williams. "I wouldn't expect regulators to be terribly forgiving," she said.
And this is why we preach endlessly that you must have one good backup that is never connected to the network. Ransomware is so attractive these days that cybercriminals can make more with ransomware than they can by selling personal data on the dark web.
Last week, we lectured to a group of lawyers in Emporia, Virginia, where most of the law firms tend to be quite small. At the end of the presentation, two lawyers approached us to tell us that their small firms had been successfully attacked. Both paid the ransom. One of the lawyers was kind enough to tell us that his firm paid $3000. Affordable to a small firm, but hardly chump change – and they were out of business for eight days. Ouch, ouch, ouch – that's a lot more than $3000 lost!
E-mail: firstname.lastname@example.org Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology