Yet Another COVID-19 Casualty
I recently got a call from my friend Bill, who runs an accounting firm. “Maurice,” he said, “my friend Jane really needs your help. Things aren’t going well.”
For a moment, especially given the pandemic, I wondered if Bill had called me by mistake. After all, I’m not a doctor; I run a company that specializes in network and security services for small businesses.
Hearing the alarm in my voice, Bill quickly explained that Jane’s health was just fine—but her business was on the rocks.
Now, you might be wondering what COVID-19 has to do with a struggling business.
Where there’s an opportunity, cybercriminals will find ways to exploit it. There’s no event too tragic to deter them—not even a global pandemic that has caused over a million deaths worldwide.
And COVID-19 has presented them with a golden opportunity. In a matter of weeks, millions of employees in the U.S. went from secure office environments to working from home. Some employers were able to adapt their security measures quickly. But others didn’t have the resources to adjust—or they were so focused on figuring out how to keep their business afloat that security took a back seat.
Jane ran a small, thriving property management company with half a dozen employees.
When the office closed due to COVID-19, she asked everyone to continue working from home. But she wasn’t aware of the increased risks that using home networks brought. And, as with over half of all small business owners, she thought of her company as “too small” to be an appealing target for hackers.
You can probably guess what happened next. Attackers swept in, taking advantage of a weakness in Jane’s digital defenses. Using a crypto virus, they took all of her data hostage. Then they asked for an $8,000 ransom.
Jane was taken aback by the amount. Unsure if she should pay, she instead scrambled to make things work using what data she could find in her email account. She remembered that Bill, her accountant, might have some of her financial data, so she contacted him. That’s when Bill reached out to me.
Without a secure backup copy of her data, I explained to Bill, the only way for Jane to get her data back would be to pay the ransom.
But even if she had the money to pay a ransom, it’s not as simple as just arranging for bitcoin to be transferred to the hackers.
For one, cybercriminals often exploit businesses’ desperation by asking for more money. If a business hesitates to pay, the attackers may increase the amount of their initial request. And once the first ransom is paid, they take a look at the files and then claim that more money is needed to transfer all of them, stringing their target along for additional payouts.
Critically, ransom strategies have evolved, and paying the ransom isn’t always enough to avoid problems. Some hackers now make their own copies of personal data to sell on the dark web, wreaking havoc on a business’s reputation and opening it up to fines, penalties, and regulatory action.
Worse still, ransom payments to foreign nationals may run afoul of regulations created by the Department of the Treasury. In legal terms, this is a “strict liability” situation—meaning that even if a business doesn’t know that the recipient of the ransom is sanctioned by the U.S. government, it can still be fined.
Jane was devastated. Ultimately, she couldn’t afford to pay the ransom—especially since there was no guarantee that her clients’ data wouldn’t be leaked anyhow—and she decided to shut down her business.
Later, Bill asked me privately if there was anything Jane could have done to save her business.
The answer is a resounding yes—but she needed to be proactive, not reactive.
The first step would have been to ensure that the company used a cloud-based backup system so that they would have access to their data no matter what.
An active, continuously updated antivirus program would have detected the ransomware threat and stopped any employees from opening files they shouldn’t.
Finally, an efficient firewall would have served as a fail-safe in case the antivirus program didn’t detect the ransomware. No one should have remote access to your network unless it’s through a VPN, and your firewall should be updated to match those requirements.