The world recently experienced an unprecedented global cyber-attack that targeted the public and private sectors, encrypting and locking electronic files. So far, it is estimated that hundreds of thousands of entities worldwide were victims of WannaCry ransomware; and just as WannaCry is subsiding, a new attack, Adylkuzz, is taking its place, crippling computers by diverting their processing power. Now the world needs to begin building a Cyber Defense Arsenal.
In May 2017, the world experienced an unprecedented global cyberattack that targeted the public and private sectors, including an auto factory in France, dozens of hospitals and health care facilities in the United Kingdom, gas stations in China and banks in Russia. This is just the tip of the iceberg and more attacks are certain to follow. As this experience shows, companies of all sizes, across all industries, in every country are vulnerable to cyber-attacks that can have devastating consequences for their businesses and operations.
THE MALWARE FAMILIES
Exploiting vulnerabilities in Microsoft® software, hackers launched a widespread ransomware attack targeting hundreds of thousands of companies worldwide. The vector, “WannaCry” malware, encrypts electronic files and locks them until released by the hacker after a ransom is paid in untraceable Bitcoin. The malware also has the ability to spread to all other computer systems on a network. On the heels of WannaCry, a new attack called “Adylkuzz” is crippling computers by diverting their processing power.
The most prevalent types of ransomware found in 2016 were Cerber and Locky. Microsoft detected Cerber, used in spam campaigns, in more than 600,000 computers and observed that it was one of the most profitable of 2016.
Spread via malicious spam emails that have an executable virus file, Cerber has gained increasing popularity due to its Ransomware-as-a-Service (“Raas”) business model which enables less sophisticated hackers to lease the malware.
Check Point Software indicated that Locky was the second most prevalent piece of malware worldwide in November 2016.
Microsoft detected Locky in more than 500,000 computers in 2016. First discovered in February 2016, Locky is typically delivered via an email attachment (including Mocrosoft Office documents and compressed attachments) in phishing campaigns designed to entice unsuspecting individuals to click on the attachment. Of course, as the most recent global attacks demonstrate, hackers are devising and deploying new variants of ransomware with different capabilities all the time.
THE RISE OF RANSOMWARE ATTACKS
The rise in ransomware attacks is directly related to the ease with which it is deployed and the quick return for the attackers. The U.S. Department of Justice has reported that there was an average of more than 4,000 ransomware attacks daily in 2016, a 300 percent increase over the prior year. Some experts believe that ransomware may be one of the most profitable cybercrime tactics in history, earning approximately $1 billion in 2016. Worse yet, even with the ransom paid, some data already may have been compromised or may never be recovered.
The risk is even greater if your ransom-encrypted data contains protected health information (PHI). In July 2016, the U.S. Department of Health and Human Services, Office of Civil Rights (HHS/ OCR) advised that the encryption or permanent loss of PHI would trigger HIPAA’s Breach Notification Rule for the affected population, unless a low probability that the recovered PHI had been compromised could be demonstrated. This means a mandated investigation to confirm the likelihood that the PHI was not accessed or otherwise compromised.
According to security products and solutions provider Symantec Corporation, ransomware was the most dangerous cyber-crime threat facing consumers and businesses in 2016:
The majority of 2016 ransomware infections happened in consumer computers, at 69 percent, with enterprises at 31 percent.
THE BEST DEFENSE IS A GOOD OFFENSE
While no perfectly secure computer system exists, companies can take precautionary measures to increase their preparedness and reduce their exposure to potentially crippling cyber-attacks. While Microsoft no longer supports Windows XP operating systems, which was hit the hardest by WannaCry, Microsoft has made an emergency patch available to protect against WannaCry. However, those still using Windows XP should upgrade all devices to a more current operating system that is still fully supported by Microsoft to ensure protection against emerging threats. Currently, that means upgrading to Windows 7, Windows 8 or Windows 10.
Even current, supported software needs to be updated when prompted by the computer. Those ANALYSIS - WILSON ELSER who delay installing updates may find themselves at risk. Microsoft issued a patch for supported operating systems in March of this year to protect against the vulnerability that WannaCry exploited. Needless to say, many companies did not bother to patch their systems in a timely manner.
Ransomware creates even greater business disruption when a company does not have secure backups of files that are critical to key business functions and operations. It also is important for companies to back up files frequently, because a stale backup that is several months old or older may not be particularly useful. Companies also should make certain that their antivirus and anti-malware software is current to protect against emerging threats.
In addition, companies need to train their employees on detecting and mitigating potential cyber threats. Employees are frequently a company’s first line of defense against many forms of routine cyber-attacks that originate from seemingly innocuous emails, attachments and links from unknown sources. Indeed, many cyber-attacks can be avoided if employees are simply trained not to click on suspicious links or attachments that could surreptitiously install malware.
Last but not least, companies should consider purchasing cyber liability insurance coverage, which is readily available. While cyber policies are still evolving and there are no standardized policy forms, coverage can be purchased at varying price points with different levels of coverage.
Some of the more comprehensive forms of coverage provide additional “bells and whistles” such as immediate access to preapproved professionals that can guide companies through the legal and technical web of cybersecurity events and incident response.
Other cyber policies afford bundled coverages that may include:
For additional information about the rise of ransomware and other cyber threats, and what companies can do to mitigate their risk, contact Partner Anjali Das, Co- Chair of Wilson Elser’s national Cybersecurity & Data Privacy practice, or Of Counsel Kevin Scott.
About the Authors:
Anjali Das, Partner, Chicago, is co-chair of Wilson Elser’s Cybersecurity & Data Privacy practice and a member of the Information Governance Leadership Committee. In addition, she serves as a coordinating partner for the firm’s Directors & Officers Liability practice and a member of the Diversity Committee. Anjali has nearly two decades of experience representing insurers in connection with professional liability insurance coverage matters and claims involving accounting, finance and other complex business issues. Anjali represents the interests of U.S., London and Bermuda-based primary and excess insurers in high-exposure claims against directors and officers of public and private companies, nonprofit boards, financial institutions, investment banks, insurance companies, mortgage brokers, bank and custodial trustees, and ERISA plan fiduciaries. 312.821.6164 firstname.lastname@example.org
Kevin Scott, Of Counsel, Chicago, focuses his practice on data security, privacy breach response (pre- and post-event), payment card industry (PCI) standards and investigations; GLBA, FERPA, COPPA, CalOPPA, and HIPAA/HITECH compliance; and advising clients in identifying, evaluating and managing first- and third-party data privacy and security risks. Kevin frequently advises clients on compliance with state, federal and international laws and regulations. He is an integral member of Wilson Elser’s breach response team, quickly bringing lawyers, clients, and forensic and breach response vendors together to optimize response time and effectiveness. Kevin has handled numerous breaches for small and large entities, including merchants, financial institutions, medical providers and educational institutions, successfully reducing public and regulatory scrutiny and protecting clients’ reputations. 312.821.6131 email@example.com
John Busch, Associate, Houstan, assists clients and firm practices in all areas of insurance litigation, including general liability and casualty, premises liability, product liability, toxic tort and data security. John has litigation experience in state and federal court, and he has provided counsel at all phases of litigation and trial. John regularly represents corporations and individuals in a wide range of personal injury litigation from initial case development to trial. John has assisted clients from product manufacturers to premises owners in defense of all types of personal injury claims. 713.353.2023 firstname.lastname@example.org