Imagine coming into work one day, firing up your computer and seeing the following message pop up onto your screen:
Your files have been encrypted by TeslaCrypt. Your documents, photos, database and other important files have been encrypted. Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key.
You have 96 hours to submit the payment. If you do not send $18,000 in bitcoins within provided time, all your files will be permanently crypted and no-one will be able to recover them.
This type of "hack attack" is known as ransomware, and incidents in the past year have skyrocketed. In March of this year the U.S. Department of Homeland Security issued a cyber alert warning because of the recent surge in attacks. Thousands of hospitals, government agencies and private businesses, both large and small, have been attacked. In 2015, more than 2,500 cases of ransomware were reported and victims paid over $24 million to attackers.
Private security firms expect the crisis to worsen as hackers become more sophisticated and because a majority of businesses haven't adopted proper security measures.
For dealerships, it's not a matter of if you'll be attacked, but when. We work with many dealerships and have seen (and fortunately have been able to prevent) hundreds of ransomware attack attempts.
How Does Ransomware Work?
Ransomware typically infiltrates a computer network when an employee clicks on an infected email attachment. Emails that are sent by hackers are fairly sophisticated, targeting employees by name and including content that looks legitimate, such as an invoice from a supplier. Many versions of ransomware can circumvent anti-virus or anti-malware programs installed on PCs, especially if they are not kept updated.
Alternately a legitimate looking email will include a link. One example that has circulated is an email that looks like it's from FedEx and includes a tracking number. The employee clicks on the link which leads them to a malicious website. If the employee's computer software has not been "patched" with the most recent software updates, the ransomware can infect the user's computer from the website.
Once inside your dealership's computer network, ransomware lies dormant for a period of days or even weeks...until it doesn't. Back-ups of your data performed during this period of dormancy will also back-up the ransomware. Once the ransomware goes "live," your most recent back-ups will also be encrypted, so it will be impossible to restore your files from your most recent back-ups.
At this point you have two miserable choices. Lose years worth of files and data or pay the ransom. The majority of hackers demand the ransom in bitcoins, a form of electronic currency that's untraceable.
The Only Offense is Defense
The only way to stop a ransomware attack is prevention. Here are three recommendations that will help your dealership:
1) Notify employees. All employees should be aware of the dangers of ransomware. Under no circumstances should employees click on an email link or download an email attachment from a source they are not familiar with.
2) 90-day backup retention. Most dealerships back up their data, but typically back ups are stored for a period of seven to 30 days. We recommend back up retention of 90 days. Also, all backups should be stored in a separate, isolated location that's not connected to your computer network. Backing up to the cloud is more secure than backing up to an internal server.
3) Install anti-virus and anti-malware software on every PC. Once installed, be sure to keep the software updated (setting it to auto updates is best)! The brand we currently recommend is Webroot. We have seen Webroot repel hundreds of ransomware attacks.
4) Keep your Microsoft Operating Software on all PCs updated. Many dealerships don't regularly update their OS software, which increases vulnerability to attacks.
If Your Dealership is Attacked
If your dealership has been victimized by ransomware, contact your local FBI field office and report the incident to the Bureau's Internet Crime Complaint Center. The FBI doesn't support paying a ransom because there's no guarantee that you will get your data back. In some cases, businesses have paid the ransom and never received their decryption key.
The growing ransomware threat is real and dangerous. The good news is, protecting your dealership's data isn't difficult or expensive. It's just a matter of knowing what to look out for and staying vigilant.