Protect Your Business From Ransomware | Chase for Business


It’s all about the payday

“Often ransomware isn’t the first piece of malware that a victim organization receives,” says Brett Wallace, Head of Cybersecurity Operations at JPMorgan Chase. Usually, an unwitting employee is first induced to download malicious software that grants an attacker access to the network.

Once a hacker has access, they move through the network gathering information to understand what the organization does and how much revenue it generates. This information is used to set the ransom amount. “Different businesses are asked to pay different amounts based on their revenue. These groups are smart about that. They do their homework,” says Wallace.

Then, information is often stolen from the network before ransomware is finally deployed. A typical business cannot go long without the ability to access business or customer data, and the attackers usually apply further pressure by threatening to publish the data they stole. Out of desperation, owners often pay.

But it’s how they pay that’s the real game changer.

Other attempts at online theft bring in less or take more work. If a hacker steals credit card numbers, they can sell them or use them, but the value of those numbers is limited and credit card fraud is often detected quickly. Large bank withdrawals or transfers are risky because they’re often flagged and the transaction canceled. Hacks that require social engineering rely on employees to carry out orders or make approvals that take time and could look suspicious.

The beauty of ransomware, from a hacker’s point of view, is that it requires direct payment. And that payment is usually made using a cryptocurrency such as Bitcoin. “Cryptocurrency is the enabler that allows ransomware attacks to increase their size and scale,” says Wallace. “For law enforcement interested in tracking or following the money, it’s a shell game.” You send the money and it can disappear into the internet.

What can you do to prevent an attack?

“No industry is immune. Everyone who has an online presence and is connected to the internet is a potential victim,” says Wallace.

The good news? Basic cybersecurity practices continue to be effective for organizations of any size. In particular, Wallace believes that focusing on three layers of protection will significantly reduce your risk:

1. Multifactor authentication

A ‘factor’ in authentication speak is just a way of confirming your identity when you try to sign into an account. The three most common types of factors are something you know (like a password), something you have (like a smartphone or one-time passcode generator) or something unique to you (such as biometric data, i.e., a fingerprint). Multifactor authentication is the practice of using more than one factor. So, even if a hacker steals a password, they still can’t gain access to your accounts without an additional authentication factor, which they are unlikely to possess.

2. Vulnerability management

Exploiting software bugs, known as vulnerabilities, on internet-facing devices is the easiest way for hackers to enter your network. Investing in the ability to identify vulnerabilities in your technology and remediating them promptly will significantly reduce the risk of compromise.

3. Employee awareness

Even with the best technology in place to prevent attacks, it can all be undone by an employee clicking on a malicious link or opening a weaponized attachment. A rigorous education and awareness program, which includes sending fake malicious emails to your own employees, can foster a strong security culture and reduce the likelihood of malware being introduced to your network.

What do you do if your business is attacked?

There is no one-size-fits-all approach to a ransomware attack. That’s why it’s so important to develop an incident response plan.

“The time to develop an incident response playbook is not during an incident,” Wallace says. “A lack of preparedness could put you in a situation where you don’t have choices.”

A few questions to ask yourself when writing your plan:

  • Who needs to be involved in responding to a cybersecurity incident?
    • What is each person’s role?
    • How can they be contacted?
  • How will you assess what happened to understand the scope, impact and extent of the damage?
    • What systems need to be assessed?
    • What data is most at risk?
    • What data can you not afford to have lost or exposed?
    • How will you document your assessment?
  • How will you contain the incident?
    • How will you know when the incident is sufficiently contained?
  • What are the steps for eradicating the threat?
  • How will you recover and return to regular operations?
    • Do you have sufficient backups for critical data?
    • Have you tested restoring backups to make sure you can complete the task quickly and effectively?
    • How will you communicate to the team the progress of the recovery?
    • How will you monitor operations after the recovery?
  • How will you learn from the incident and make changes?

Not every business is able to carry out an incident response on its own. Those that cannot may want to work with an IT consultant to ensure they’re able to recover with minimal disruption.

Keep learning

The US Cybersecurity & Infrastructure Security Agency offers free resources to help you understand cybersecurity threats and take proactive steps to protect your business. The US Small Business Administration and its partners regularly host in-person and virtual events on cybersecurity.

If you suspect your business is a victim of fraud, contact your Chase Client Service Representative immediately or call the Chase Connect® Service Center at 1-877-226-0071 (for government and not-for-profit organizations: 1-855-893-2223).

For informational/educational purposes only: The views expressed in this article may differ from those of other employees and departments of JPMorgan Chase & Co. Views and strategies described may not be appropriate for everyone and are not intended as specific advice/recommendation for any individual. Information has been obtained from sources believed to be reliable, but JPMorgan Chase & Co. or its affiliates and/or subsidiaries do not warrant its completeness or accuracy. You should carefully consider your needs and objectives before making any decisions and consult the appropriate professional(s). Outlooks and past performance are not guarantees of future results.

JPMorgan Chase Bank, NA Member FDIC. ©2022 JPMorgan Chase & Co.
