Your client should never have to negotiate with a cyber criminal even if that client has suffered a ransomware attack, cyber security experts advise.
Ransomware is a type of computer malware that prevents clients from either using their computers or accessing their files unless they pay a “ransom,” notes Bermuda specialty insurer Axis Capital Holdings Ltd. Ransomware often encrypts files so they cannot be opened.
“The best way to deal with this, in my opinion, is to not negotiate but to have appropriate backup,” Adil Palsetia, Toronto-based partner with KPMG Canada’s cybersecurity and privacy practice, said in an interview.
“If my personal laptop, that is assigned to me, gets locked, I wouldn’t pay. I would lose probably some personal files – maybe some pictures of my kids – and maybe one or two files that I have not necessarily backed up yet,” added Palsetia.
But if your client has a “strong technology operation,” that laptop should be backed up automatically and on a regular schedule, so losing the device costs only the work done since the last backup.
For American International Group Inc., ransomware was the top cause of loss for cyber claims in AIG’s Europe, Middle East and Africa region, the insurer reported this past May.
Computer security vendor Kaspersky Lab advises ransomware victims not to pay the ransom demanded by the perpetrators because paying the ransom does not guarantee they will get their data back.
“Make regular backups of important information and keep several copies in different places,” Moscow-based Kaspersky said in Cyber Pulse: The State of Cybersecurity in Healthcare, a report released Dec 18.
“Maintain control over the network by restricting access to information for employees that do not need it.”
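Kaspersky’s advice to keep several backup copies only helps if the copies are still intact when they are needed: ransomware that reaches a mounted backup share encrypts the backup along with the live data. The script below is an added example written for this page, not code from Kaspersky, KPMG or the report; it records a SHA-256 manifest of a backup copy and later checks that copy against the manifest, flagging files that were overwritten, renamed or added. The directory layout, file names and the simulated encryption are constructed for the demonstration.

```python
"""Backup integrity check: detect files in a backup copy that no longer match
the manifest recorded when the copy was taken (for example because ransomware
reached the share and encrypted them). Standard library only. The manifest
must be stored somewhere the attacker cannot rewrite it (offline media or a
signed copy), otherwise it can simply be regenerated after the damage."""
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1 << 16):
    """Hash a file in fixed-size chunks so large archives do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (path relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_backup(manifest, backup_root):
    """Compare the current state of a backup copy with its recorded manifest.

    Returns a dict with sorted lists of files whose content changed, files the
    manifest knows but which are gone (typical when ransomware renames victims),
    and files the manifest never saw (renamed victims, ransom notes)."""
    current = build_manifest(backup_root)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    unexpected = sorted(p for p in current if p not in manifest)
    return {
        "ok": not (modified or missing or unexpected),
        "modified": modified,
        "missing": missing,
        "unexpected": unexpected,
    }


def demo():
    """Constructed scenario: take a manifest of a clean copy, then simulate
    ransomware touching the same directory and re-check it."""
    with tempfile.TemporaryDirectory() as backup:
        os.makedirs(os.path.join(backup, "photos"))
        with open(os.path.join(backup, "photos", "kids.jpg"), "wb") as f:
            f.write(b"\xff\xd8\xff\xe0 constructed jpeg bytes")
        with open(os.path.join(backup, "budget.xlsx"), "wb") as f:
            f.write(b"PK\x03\x04 constructed spreadsheet bytes")

        manifest = build_manifest(backup)          # would be stored offline
        clean = verify_backup(manifest, backup)    # expected: everything ok

        # Simulated ransomware (constructed): overwrite one file in place,
        # rename another with a new extension, and drop a ransom note.
        with open(os.path.join(backup, "photos", "kids.jpg"), "wb") as f:
            f.write(os.urandom(64))
        victim = os.path.join(backup, "budget.xlsx")
        os.rename(victim, victim + ".locked")
        with open(os.path.join(backup, "README_DECRYPT.txt"), "w") as f:
            f.write("your files are encrypted (constructed note)\n")

        after = verify_backup(manifest, backup)
    return clean, after


if __name__ == "__main__":
    before, damaged = demo()
    print("clean copy ok:", before["ok"])
    print("after simulated attack:", damaged)
```

Run the check from a host that does not have write access to the backup location, and against each of the “several copies in different places”; a copy that fails the check is not one you can restore from, whatever the ransom note promises.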
The Kaspersky report is based on a survey it commissioned from Opinion Matters of 1,758 employees of Canadian and American healthcare organizations.
In 2017 there were more than 4,000 ransomware attacks in the United States – a 300% increase over 2016, Axis Capital reported.
One way of reducing the severity of a cyber attack is to rehearse the response to one, Palsetia said.
KPMG computer security consultants sometimes walk into clients’ offices unannounced and run a cyber breach drill.
This is “kind of like a true fire drill,” as opposed to telling staff ahead of time that a drill will be conducted on a certain day and time, Palsetia said.
“You don’t get to choose when [a cyber breach] happens. If it happens at 11:00 pm on December 24, that’s when it happens and you need to know who to bring to the table to mitigate the impact as quickly as possible.”