In the wake of the devastating Cloudstar ransomware breach, Michael Hammond invited cybersecurity expert Bruce Phillips, SVP & Chief Information Security Officer at WEST, a Williston Financial Group company, on his July 28 FINTECH Hunting podcast to tell businesses how to guard against and – if necessary – recover from cyberattacks.
Cloudstar is a hosting provider for title companies, real estate, law firms and other companies. “They got hit by a ransomware attack and they have been down for over a week and there’s been nothing to indicate when they are coming back,” Phillips explained. “That means all these companies are scrambling to try to be able to close transactions because they can’t get to their systems which are hosted on [Cloudstar’s] service.”
That is ransomware, and it’s growing exponentially each year. Losses in 2020 were $1.9 billion, up from $50 million six years before.
The criminals “get into your system, find out what insurance you have, what your limit is, . . . and then ask for a ransom amount right at the top of your limit,” Phillips said. And even if the ransom is paid, you can’t just flip a switch and resume operations. According to Phillips, it could take a week or two to get back to business, depending on how much data was encrypted.
Statistics show that 80% of ransomware victims don’t get all their data back because portions are corrupted. And extorting a ransom payment is the lesser danger in a ransomware attack.
“If you’re in this industry you have names, social security numbers, driver’s license numbers, bank accounts, mother’s maiden name, and every other piece of information that a criminal would want to steal somebody’s identity,” Phillips said. “Each record of that is worth $100 on the black market.”
So, Hammond asked, what can businesses do?
“Education is the key,” Phillips said. “You need to train your employees on what ransomware is, what wire fraud is, what phishing is and how to detect it,” he continued. He urged businesses to use a phishing simulator to actually test-phish their own employees to see if they fall for the test lures, then train them on what they should be looking for.
Second, have a backup.
But if your backup is on the same system or same service provider that has been attacked, then your backup is also now encrypted. “You need a backup that will be available and then you have to have some other system that you can put your operating system on so you can load that data,” Phillips warned.
The approach comes down to prevention first, then understanding what your limitations will be if an attack happens, and then making the appropriate decision.
“It’s not really magic,” Phillips said. “It’s risk management.”