A cyber security expert answers your ransomware questions

Most businesses rely on their computers to communicate with customers and vendors, track their performance and generally get their work done. So, the thought of not being able to access your data is nerve-wracking. If a hacker got into your system and held your data hostage, would you know what to do?

We sat down with Christopher Hojnowski, Vice President and Product Head, Technology and Cyber for Hiscox USA to talk about how to protect your business from ransomware attacks. 

What is ransomware?

“Ransomware is when a threat actor gains access to your computer system and basically steals your data,” said Hojnowski. “Then they either encrypt your data so you can’t get to it – only they can – or they threaten to delete it or release it. They’ll do any of the many things that would interrupt your business or harm your reputation with clients or vendors.”

How do these threat actors get into a computer system?

“There are several different ways that someone could gain access to your system,” Hojnowski said. The most tried and true way is by phishing – when they send an email saying they are someone they’re not. The email includes a link or an attachment. If you click the link or open the attachment, it loads malware on your system which lets the hacker get in there and do their thing.
 
“They may also gain access because you give them credentials – again, because they said they are someone they’re not – or access to some information they shouldn’t have. 

“Another easy way they can get in is through open ports in your system. Using remote desktop protocol or RDP, a hacker gains access to your system through an open port on the internet. Then they tunnel through the system to get the information they need. They can scan several companies’ systems and see if there are any remote desktop or legacy operating systems running. Once they find one, in they go.”

Related: What’s your cyber security IQ?

What kinds of systems are most vulnerable?

“I mentioned legacy operating systems before, and this can be a critical vulnerability,” said Hojnowski. “Older operating systems that are no longer being patched, such as Microsoft Internet Explorer, are an issue. Now that Microsoft has changed over to Microsoft Edge, there may be a vulnerability that everyone on the internet knows about, but it will never be patched because it’s a legacy system that’s no longer supported. Now expand that to every piece of software you could be using that runs on that legacy system that will never be patched.

“You can also run a scan for critical vulnerabilities. There’s a database of critical vulnerabilities that is put out every year so that companies can address them. But that same information is valuable to hackers because it tells them which of their tools they can use to exploit them. Once they do that, they’re in your system.”

Related: The top 5 cyber risks for businesses

How can small business owners protect themselves?

“Just as there are many ways your system can be compromised, there are many ways to protect yourself,” Hojnowski said. “To protect against phishing email, never, ever click on a link in an email, even if it looks legitimate. It used to be easy to identify a phishing email – there would be grammar or spelling errors, or it would be so generic as to be obviously fake. But now hackers are using ChatGPT and other artificial intelligence tools to write their phishing emails, so it’s a lot harder to pick them out. So don’t click links unless you’re 100% certain of who it came from and where it will take you. 

“Another important step to take is to run every patch as soon as it comes out. Once a patch comes out, it’s common knowledge that there is a vulnerability, so someone will try to exploit that. Suppose someone gets into your system and encrypts all your data. You think, ‘Oh, well, it’s fine because I have my data backed up on site or I have physical backups.’ But what you don’t know is when the actual attack occurred. Sometimes a threat actor will get into a system and just sit dormant for three or four months to see how the system operates. By then, they’re fully ingrained in the system. Then they decide to flip a switch, encrypt the data and demand a ransom. But you have no idea how long they’ve been in there or how much data they’ve had access to. 

“I saw a situation recently where there was a known vulnerability, and a patch was released. This company didn’t run the patch right away – they waited a few months. Once they ran it, they found that someone had been sitting in their system all that time, encrypting backups and things like that. So they thought everything was backed up, but their backups were also encrypted and all their data was gone. 

“Finally, and maybe most importantly, get cyber security insurance. Besides covering the costs that may be associated with a ransomware demand, cyber security insurance can provide breach prevention training, access to professional incident response services, coverage for defense costs, and more.“

If you get a ransomware demand, should you pay it?

“If you get a ransomware demand, you want to immediately reach out to your cyber insurance carrier,” said Hojnowski. They have experts who can go in and determine what went wrong, where the breach is, how to fix it, and what data was exposed. They can determine whether a ransom should be paid or not, but even more importantly, they can help get your business back up and running.”

Computers are an essential part of your business, but keeping your data safe requires vigilance. Take the first step by getting a quote for cyber security insurance. It’s fast and easy, and your business could be covered today.