Illustration of computer wrapped in chains and hand extending from screen (State Dept./D. Thompson)
(State Dept./D. Thompson)

Business runs on data, so threats to that data by hackers are threats to profits.

Over the last few years, large and small corporations experienced sharp increases in incidents of hackers capturing data and trying to extort payment for its release.

The software that accomplishes this crime is known as ransomware. It’s one of a number of cyber crimes that are on the rise. According to Melissa Hathaway, an expert in cybersecurity, ransomware was first reported in 1989. Over the intervening years, it has become more sophisticated and more profitable.

“Now there [are] probably more than 20 different types of ransomware out there,” Hathaway said. “Ransomware has become more prevalent in the last two to three years because it’s gotten better. The hackers know how to lock up your data. And most people don’t keep backups, so they are paying the ransom in order to get their data back.”

The most common means of payment demanded of victims is bitcoin, a virtual currency that has no central repository or central administrator and is untraceable.

Although the FBI recommends not paying the ransom in such attacks, Hathaway says many victims do, thereby keeping this crime profitable for the perpetrators. “Less than 40 percent of those people who pay get their data back,” Hathaway said.

The NotPetya ransomware virus affected computer systems of several large corporations during the summer of 2017. FedEx Corporation had to curtail its business in Eastern Europe, according to Hathaway. Maersk Line, the world’s largest container-shipping company, reported losses of $300 million from ransomware attacks.

Lloyd’s of London predicted the economic effect of a future major cyber attack could rise to $53 billion.

How to stop an attack

Hathaway gives the same advice to individuals that she gives to large corporations: “Your best hope is to make sure you have a backup of all your data on either a near-continuous basis, depending what business you’re in, or certainly daily. If you’re an individual, it’s whatever your risk tolerance is. I back up my data a minimum of once a week.”