By: Bob Goldberg, RSPA General Counsel
At this year’s Inspire Conference I spoke on “Fighting Criminals.” Criminals have had a dramatic effect upon our industry both in the area of breaches and ransomware. A recent massive ransomware attack infected over 75,000 computers in 99 countries. The vulnerability that allowed the ransomware to be applied was unpatched Microsoft Software. The malware, called “WannaCry” locks out users and threatens to destroy data unless the ransom is paid. This is clear criminal conduct that will continue to evolve and threaten end users. This is also an opportunity for RSPA members to mine deeper into an end user’s business and distinguish themselves as trusted advisors.
The initial ransom demand for WannaCry was $300, to be paid in bitcoins. Subsequent demands were increased. It was unclear whether the ransom payment would release a single computer or an entire system. Although law enforcement advises against paying any ransom, many businesses had no alternative due to their lack of cyber security measures. Regardless of whether an end user was attacked, businesses are clearly aware of the risk and need to take precautions.
As noted, the attack was to vulnerabilities in Microsoft software. The first step in approaching an end user is to determine the version of all software being used, if it is properly licensed, and has it been updated. Many of the systems attacked had pirated software which had not been maintained with necessary patches. Microsoft was quick to release a patch for WannaCry, however patches for future threats may not be available for unlicensed software.
Determine if the end user has a cyber insurance policy. Many polices offer ransom or extortion coverage which includes the cost of a ransom payment. Cyber policies also typically provide coverage for the cost of investigating and responding to a ransomware attack and for lost business income arising from an attack. Identify a broker in your area that offers cyber insurance, learn about the policies, and establish a referral relationship. Certainly, the broker will receive inquiries and can suggest your company as a trusted advisor to examine and support a system. Likewise, you can refer uninsured companies to the broker.
To avoid paying ransom an end user can rely on its back-up with a minimal loss of data. Many companies have back-up systems, but they are not used properly or timely. Cloud back-up systems are a good solution and resellers can resell these services establishing a recurring revenue stream. At the same time antivirus software can be examined as well as upgrades to Windows 365.
Paying the ransom does not assure the data will be released. One is dealing with a criminal and certainly the criminal may not be trusted. The end user also does not know whether the system has been infected with additional malware. Many law enforcement authorities suggest that the payment of ransom invites additional attacks and demands. An attacked system needs to be carefully analyzed and that is a service RSPA members can provide.
As a trusted advisor you should also be in a position to offer advice on any legal Notices that must be given in the event of a breach. Notices vary among states and there are also federal requirements. All fifty states have data breach reporting obligations. In New York, notification of a breach for certain entities must be given within seventy-two hours. If the system contains HIPPA data, a ransomware attack must be reported as a breach within 60 days. The exception is if an end user can prove that its data was not compromised because it was encrypted. Encryption of data is another talking point to pursue if the end user has regulated confidential information.
Develop a Response Plan you can provide to your customers. When a ransom attack occurs, there is confusion and chaos as to what to do. Since ransom demands have a deadline for compliance, a predetermined plan can be of great assistance. Starting with disconnecting and shutting down the infected computer through necessary notification, your guide can be followed.
Offer “lunch and learns” to educate end users on safeguards to prevent malicious software from being introduced to their system. Most malware is released through an email or attachment. While your customers are learning, be sure to take them through your demonstration room to see new systems and solutions. Ransomware is a worldwide menace, but also an opportunity for RSPA members to step up and assist businesses.