City cyber security expert explains ransomware attacks

Troy Shantz

Dozens of local businesses and organizations have been hit by ransomware attacks and many more are vulnerable, a local IT expert says.

“On average, I would say businesses lose two days (of productivity) if things are good. I know businesses locally that have lost weeks,” said Hans Study, a partner in the IT security firm Layer 0 Security Inc.

“(They) can’t deliver products; their operation comes to a standstill.”

Ransomware is a type of malicious software designed to deny access to a computer system or data until a ransom is paid. It’s spread through phishing emails or when someone unknowingly visits an infected website.

Attacks can come from teen hackers, disgruntled employees or sophisticated agents operating out of massive call centres in India or Russia, Study told a meeting of the Sarnia Tech Community.

Hospitals, charities and municipalities are also popular targets for cyberattackers, he said.

Hans Study, a Sarnia IT expert, shares some of his experience in dealing with ransomware at the November Sarnia Tech Community meet-up. (Troy Shantz)

The City of Burlington was taken for $500,000 in May by a hacker acting as a trusted vendor updating banking information, according to media reports.

A similar scam cost Ottawa $100,000 when the treasurer transferred funds after receiving a fraudulent email that appeared to come from the city manager.

The City of Stratford paid hackers $75,000 in April after ransomware jammed that city’s email and telephone systems and impacted website functions for two weeks.

Study is one of four partners in Layer0 Security, which specializes in ransomware and network defence. The company is hired to protect computers and find their vulnerabilities before malicious hackers do, he explained.

When a business or organization’s data is seized, the impact can be devastating. About 60% of small businesses afflicted by ransomware attacks shut down within six months, Study said.

Sometimes, he added, it’s easier just to pay the ransom, despite what the RCMP and OPP advise.

Ransomware and other malware typically arrive as an email attachment from someone masquerading as a trusted institution, such as a bank or cell phone provider.

A single keystroke is all it takes to unleash software that effectively makes network and computer data unusable.

“Unless you’re expecting an email, don’t click on it,” he said.

When a ransom is paid, often in Bitcoin, the attacker sends instructions on how to retrieve the seized data. But there are no guarantees, Study said.

Some hackers simply have no idea how to decrypt it, and others will repair certain files and request more money to release the rest.

What’s more, confidential data, including personal information, health records or Social Insurance Numbers, are potentially exposed, even after being restored by hackers. When businesses haven’t maintained a level of security over confidential info, they can be slapped with government fines, Study said.

Companies and individuals can protect themselves by backing up their data offline to an external hard drive, USB stick or archival-grade DVDs, he explained.

Use good antivirus software and install updates promptly, he added.

“There’s so much risk now because everything is on computers. You have to take a step back and go, ‘OK, does this actually need to be on a computer? Is there a different way to store this?’”