SEC Registrants: Beware Ransomware

As the world continues to rely more and more on technology to complete manual tasks and store critical and sensitive data, the threat to these systems grows as well.  One such threat is ransomware, which is rapidly becoming one of the most popular and formidable types of cyberattack.  According to Malwarebytes, ransomware is a “threat that prevents users from accessing their system or personal files and demands ransom payment in order to regain access.”

The SEC, through the Office of Compliance Inspections and Examinations (OCIE), has observed an increase in tactics and complexity of ransomware attacks on SEC registrants and therefore felt it prudent to release a security alert. According to The Coveware Quarterly Ransomware Report, the average ransom payment leapt 60% from Q1 2020 to Q2 2020, and has been steadily climbing trend since 2018. Professional and financial Services, real estate, and the public sector account for 54.6% of the industries targeted by ransomware in Q2 2020.  These sectors are targets due to the amount of confidential data they possess, which translates to larger ransoms that adversaries can request for the return of such data.

Ransomware attacks are often carried out by fraudulent emails with infected attachments or links.  There are a few forms of ransomware attacks, including scareware, screen lock, and encrypting ransomware. 

• Scareware may sound threating, but as far as ransomware attacks it is the least severe. This form of attack causes pop-ups to appear on your screen claiming your system is compromised and you must pay to have the threat removed.  While this attack bombards you with pop-ups your files remain essentially safe.
• A screen lock attack is what it sounds like. Upon booting your system up, a full-size window appears on your screen that informs you that payment is required to unlock your computer.  Often, the full-size window is accompanied by an official looking FBI or Department of Justice seal. 
• The most dangerous form of ransomware is encrypting ransomware. In this form of attack, the attackers steal your files and encrypt them and demand payment to unencrypt the files.  The reason this form of attack is so dangerous is that once your files are encrypted, they’re gone unless you pay the ransom. However, even if you do pay the ransom, there is no guarantee that the attackers will redeliver the files.

In order to defend against such attacks, it is important that employees are trained and vigilant to recognize fraud attempts.  Other important steps to take are limiting user access as appropriate to systems and ensuring that your firm’s cybersecurity practices are up-to-date.  As potential attackers get more sophisticated, it is imperative to be proactive regarding cybersecurity.  Don’t wait until you fall victim to a ransomware attack.