Ransomware: Sorting Out the Details

With the recent stories of guests getting locked out of hotel rooms – or, in some reports, guests being locked in hotel rooms – it is hard to sort the fact from the fiction. A few weeks ago an Austrian hotel’s computer system was attacked by hackers. After all the dust settled, the truth about the attack was revealed and early reports of guests being held hostage in their hotel rooms was unfounded. The hackers were not interested in holding guests hostage, but were interested in disrupting the hotels business and holding the computer systems hostage. The hackers knew that the property management system is at the heart of the hotel’s operation, and without it the hotel would be crippled and unable to operate.

Hotels are a prime target for this type of attack which involves the deployment of ransomware. The United States Department of Justice Federal Bureau of Investigation (FBI) defines ransomware as a “type of malicious software designed to block access to a computer system until money is paid” (FBI, 2015). Hackers have attacked critical computing systems in hospitals, police departments, transportation systems, emergency systems, school districts and public libraries.

According to a study published by IBM, 70 percent of businesses infected with ransomware have paid the ransom with half paying over $10,000 USD to regain control of their computer systems (IBM, 2016). Legal authorities advise against paying the ransom, but realize there are many factors involved in the decision process. Most businesses would prefer to regain access to their critical computing systems by paying the ransom rather than waiting through a lengthy investigation process.

There are several steps a business can take to prevent a ransomware attack. The following is a list of recommendations provided by experts from the IBM X-Force, a group of individuals with expertise in commercial security.

  • Be Vigilant. If an e-mail looks too good to be true, it probably is. Be cautious when opening attachments and clicking links.
  • Backup Your Data. Plan and maintain regular backup routines. Ensure that backups are secure, and not constantly connected or mapped to the live network. Test your backups regularly to verify their integrity and usability in case of emergency.
  • Disable Macros. Document macros have been a common infection vector for ransomware in 2016. Macros from e-mail and documents should be disabled by default to avoid infection.
  • Patch and Purge. Maintain regular software updates for all devices, including operating systems and apps. Update any software you use often and delete applications you rarely access.

These same principles can be utilized to protect your personal data. Individuals are often victims of ransomware attacks in which hackers look to block access to financial data and personal photos. Most people will consider paying the price to regain access to family photos, wedding pictures, first birthdays, etc.

In this modern age, having a computer system down simply cripples a business. There was a day when we did not depend on computers for everything, but many front-line employees at hospitality businesses have not been trained to properly handle a computer outage. The first line of defense is to properly train employees to prevent an attack from occurring and secondly to train employees on how to handle an attack. The following advice is provided by the FBI on what to do if your computer systems are infected with ransomware.

  • Isolate the infected computer immediately. Infected systems should be removed from the network as soon as possible to prevent ransomware from attacking network or share drives.
  • Isolate or power-off affected devices that have not yet been completely corrupted. This may afford more time to clean and recover data, contain damage and prevent worsening conditions.
  • Immediately secure backup data or systems by taking them offline. Ensure backups are free of malware.
  • Contact law enforcement immediately upon discovery to report a ransomware event and request assistance.
  • If available, collect and secure partial portions of the ransomed data that might exist.
  • If possible, change all online account passwords and network passwords after removing the system from the network. Furthermore, change all system passwords once the malware is removed from the system.
  • Delete registry values and files to stop the program from loading.
  • Implement your security incident response and business continuity plan. Ideally, organizations will ensure they have appropriate backups, so their response to an attack will simply be to restore the data from a known clean backup. Having a data backup can eliminate the need to pay a ransom to recover data.

For further information on ransomware attacks and how to protect your business, please visit the following links.

Sources

Tanya Venegas, MBA, MHM, CHIA is the executive director at the HFTP Americas Research Center at the Conrad N. Hilton College of Hotel and Restaurant Management at the University of Houston. Contact Tanya via email at tmvenegas@uh.edu or via phone at 713-743-1839.

You May Also Like

About the Author: Tanya Venegas