Subscribe Sign In
Arkansas Business
Opinion & Analysis

Ransomware, and a Particular Set of Skills

Aaron Gamewell Expert Advice

by Aaron Gamewell
Monday, Jun. 6, 2016 12:00 am   3 min read
Ransomware, and a Particular Set of Skills

In the movie “Taken,” Liam Neeson’s character gets a frantic call from his daughter as she is being hunted by kidnappers. When they capture her, one of the bad guys takes her cellphone and holds it up to his ear. The kidnapper is breathing heavily but says nothing.

Neeson’s character says, “I don’t know who you are. I don’t know what you want. If you are looking for ransom, I can tell you I don’t have money. But what I do have is a very particular set of skills. Skills that I have acquired over a very long career. Skills that make me a nightmare for people like you. If you let my daughter go now, that’ll be the end of it. I will not look for you; I will not pursue you. But if you don’t, I will look for you, I will find you and I will kill you.”

This is an Opinion

We'd also like to hear yours. Leave a comment below, tweet to us at @ArkBusiness or
email us.

Silence falls over the phone until the kidnapper says “good luck” and ends the call. If you don’t know the rest of the story, Neeson’s character goes through some high action fight scenes, tracks down and kills a bunch of bad guys and finally saves his daughter.

Ransomware is equivalent to a gang of bad guys kidnapping your loved one and demanding money. Even if you had a “very particular set of skills,” bad guys who use ransomware are nearly impossible to find because of the ability to hide behind a labyrinth of IP addresses and never-ending cyber networks.

Ransomware is a trending type of malicious software — malware — that encrypts files and data on your computer and requires a ransom for the encryption key. The ransom is usually paid by bitcoin, an untraceable form of currency.

Just like most cyber-attacks, a ransomware attack normally starts with social engineering tactics such as “spear phishing.” The attacker will engage the recipient by sending an email with an enticing link, pop-up or attachment. Once the user clicks or opens an attachment, the attacker takes control of the user’s computer and looks to infiltrate the network further.

Ultimately, the attacker is looking to lock down and encrypt all of your data — everything from customer information to bank records and confidential documents. All the files that you need to continue operating as a business are now inaccessible.

The next message you see on your computer screen or in the documents file folder is a ransom demand. If you want access to your data, pay the ransom or else. In some cases, the hackers will try to embarrass you by putting lewd or pornographic photos on your screen.

Do you pay the ransom? How can you trust that the attacker will actually release the information? There have been instances where the ransom was paid and the hackers did not or could not return the data or restore the systems.

What if you don’t pay the ransom? How long can you go without vital operational records? The Canadian Broadcasting Corp. reported on Feb. 26 that a California hospital paid $17,000 for a decryption key when it was locked out of its systems by hackers. The hospital was without vital operational records and devices for two weeks.

Experts agree that you should not pay the ransom. Instead, protect yourself and your organization by having proper security protocols, firewalls and daily backups. Controls such as firewalls can help prevent intrusion, and backups ensure that data can be restored quickly and efficiently. Invest in penetration testing and vulnerability assessments from a trusted cyber security firm to validate your safeguards’ effectiveness.

In “Taken,” Neeson’s character was a highly trained professional who protected people for a living. However, because Neeson could not control the decisions that his daughter was making that put her in a bad situation, he could not stop the kidnapping. This is much like the employees of your organization. You can have all the bells and whistles for IT security, but if employees make it easy for bad guys, they bypass all the expense and security controls.

It is highly recommended that organizations heavily invest in security awareness education and testing for their employees. These education programs should include a repeatable testing process to verify that the training is effective.

A ransomware attack does not have to have the drama and excitement of an action movie if you make a commitment to invest in good security risk management practices and protect your business.

Aaron Gamewell of Little Rock is president and chief operating officer of Secure Banking Solutions, with headquarters in Little Rock and Madison, South Dakota. Call him at (605) 270-3865 or email Aaron.Gamewell@ProtectMyBank.com.

In This Story

Aaron Gamewell, Secure Banking Solutions
Editors' Picks
Whispers
Former Crain Automotive Exec Demands $5M in Lawsuit This article is available only in print.
Former Crain Automotive Exec Demands $5M in Lawsuit
Spotlight
Polk County's Ambitious Plan to Expand Tourism
Polk County's Ambitious Plan to Expand Tourism
Cover Story
Pedaling Progress: Bentonville's Evolution as a Global Cycling Hub This article is available only in print.
Pedaling Progress: Bentonville's Evolution as a Global Cycling Hub
Spotlight
Gearhead Riding High Again: Looking Back on 27 Years With Ted Herget This article is available only in print.
Gearhead Riding High Again: Looking Back on 27 Years With Ted Herget
Technology
GoodChange Aims to Bring Good Change to Fundraising
GoodChange Aims to Bring Good Change to Fundraising
Whispers
Hire Attitude and Train Skills: Gearhead Outfitter's Bottom-Up Management Style This article is available only in print.
Hire Attitude and Train Skills: Gearhead Outfitter's Bottom-Up Management Style
Energy
Exxon Mobil Dives Into South Arkansas
Exxon Mobil Dives Into South Arkansas
Restaurants
Board Game Cafe Coming to NLR
Board Game Cafe Coming to NLR
Whispers
Cannabis Connections: Medical Marijuana Businesses That Use Management Firms
Cannabis Connections: Medical Marijuana Businesses That Use Management Firms
Spotlight
Arkansas Insurance Department Protecting Arkansans, Licensing Insurers & Investigating Fraud
Arkansas Insurance Department Protecting Arkansans, Licensing Insurers & Investigating Fraud
Spotlight
Flats at SoMa: VA Hospital-Turned-Housing Redevelopment Set to Open Summer 2024
Flats at SoMa: VA Hospital-Turned-Housing Redevelopment Set to Open Summer 2024
Spotlight
Medicaid Fallout: Insurers, MCOs in State Adjust to Loss of Enrollees
Medicaid Fallout: Insurers, MCOs in State Adjust to Loss of Enrollees
Education
Heifer International: Deal to Sell Headquarters Fell Through
Heifer International: Deal to Sell Headquarters Fell Through
Education
Chuck Welch to Leave ASU System, Become CEO of the American Association of State Colleges
Chuck Welch to Leave ASU System, Become CEO of the American Association of State Colleges
Energy
Exxon Mobil to Begin Lithium Drilling This Month Near Magnolia
Exxon Mobil to Begin Lithium Drilling This Month Near Magnolia
Public Companies
Tyson Foods Posts Fiscal Q4 Loss; EPS Beats Street Forecast
Tyson Foods Posts Fiscal Q4 Loss; EPS Beats Street Forecast
Cover Story
Arkansas Universities Offer Tuition-Free Programs Amid 'Last Dollar' Trend
Arkansas Universities Offer Tuition-Free Programs Amid 'Last Dollar' Trend
Get 9 Weeks of Arkansas Business for free.
This Week's Edition
This Week's Stories View Digital Edition
Subscribe to the Print Edition.

Most Read