Ransomware: Outcome unknown?

Four steps for protecting your company and your customers

It’s a scary thought: going about your daily business when all of a sudden your colleague rushes up to you in a panic saying that a ransomware message is threatening your system, your information, and worst of all, confidential details about your clients or employees. What now?

We’ve all heard of the recent “WannaCry” ransomware attacks that have hit hundreds of thousands of computers in over 100 countries. Ransomware is a malware tool used by hackers to infiltrate networks and encrypt files, holding them for (you guessed it) ransom, all the while locking you out of your computer. With WannaCry, the criminals demanded $300 – $600 in Bitcoin. It’s difficult to say how many people complied with the demands and received their files back safe and sound, but what’s really terrifying is the sheer scale of this attack. While certain companies claim defenses are getting better, Microsoft estimates that roughly 500 million emails with ransomware downloaders are still being circulated every quarter.[1]

Beyond that staggering statistic, it needs to be said, and repeated often: you need to protect your company, your employees and your customers. Regardless of the industry, taking certain steps to reinforce your defenses is key; there are four important things you must do (now!):

Your employees can be your best defense, or your weakest link.

Ransomware can enter a system via links in emails. All too often, it’s an innocent mistake by an employee opening up an attachment or link that can crash a system and cost a company serious dollars. To avoid this, make sure your employees:

  • are properly trained on how to identify suspicious emails, links, or files;
  • know who to notify if they come across such suspicious materials; and
  • back up their information securely, and regularly, should a fellow employee not be so careful.

Be sure to have open conversations about such threats with your employees, so they know what to watch for. This is because hackers can disguise intrusions to make them look familiar, as we’ve seen with the CEO Scam that was circulating a few years ago, and the innocuous-looking USB dropping tactics that have been used before.  

Back up your data and update your software

Reportedly, WannaCry was able to infiltrate the U.K.’s National Health Service because the system was not upgraded to the most recent Windows operating system.[2] Windows releases patches to protect against such system vulnerabilities, but as is evident, many companies haven’t adhered to the update requests, thus leaving them open to attack. It’s true that these upgrades may not be able to protect against every threat, but at least you’ll be in fighting shape should an attack try to hit your systems. It’s also important to back up your data frequently, so that when your data is held ransom, you can recover.

Assess the security of your systems

A technical security assessment (vulnerability assessment) done by professional advisors can help provide an overview of your system and suggest ways to optimize your security efforts. A trusted third party is invaluable as they provide an objective eye to ensure your governance, security, and risk management processes are maximized. These experts will most likely be up to date on the latest exploits used by hackers and can provide you with advice on how to minimize impacts to your organization.

Invest in advanced end-point protection

If you are doing all of the above and still want an added layer of protection, consider investing in advanced end-point protection. Traditional anti-virus software that is signature based is only as good as the updates that the anti-virus vendor can send. Many organizations are turning to advanced end-point protection solutions aimed at detecting exploits that their anti-virus deployments cannot detect (i.e. “zero-day” exploits). These solutions use techniques such as deep learning and behavioral analysis to detect suspicious activity in real-time. Look for a solution that has demonstrably high detection rates of “zero-day” exploits and that also has a low false positive rate; otherwise, your IT security staff will be inundated with sorting through good and bad alerts.


 

[1] https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx#what

[2] http://www.cnbc.com/2017/05/17/the-wannacry-ransomware-attack-what-businesses-need-to-know-commentary.html


About Richter: Founded in Montreal in 1926, Richter is a licensed public accounting firm that provides assurance, tax and wealth management services, as well as financial advisory services in the areas of organizational restructuring and insolvency, business valuation, corporate finance, litigation support, and forensic accounting. Our commitment to excellence, our in-depth understanding of financial issues and our practical problem-solving methods have positioned us as one of the most important independent accounting, organizational advisory and consulting firms in the country. Richter has offices in both Toronto and Montreal.
