3 Malware Cautionary Tales (and How to Avoid Becoming the Next One)

Malware attacks. They’re no good. We shouldn’t have to point that out. But it doesn’t mean plenty of companies haven’t learned the hard way just how destructive malware can be.

Here are three recent examples of malware attacks, their disastrous results, and a few quick tips on how to avoid becoming the next cautionary tale.

Uber paid $100,000 in hush money to hackers

The rideshare giant paid the money out in October of 2017 in an attempt to keep hackers quiet about accessing information on more than 57 million users. 7 million of those were drivers. The other 50 million were customers using the service. Already the story has become a “don’t pay the hackers” cautionary tale.

While companies often pay ransomware demands to regain access to their sensitive data, Uber went about things in a different way. They apparently paid hackers to erase compromised and copied data, as well as keep quiet about it. If that sounds like a bad idea, well… the fact that we’re writing about it serves as proof.

The response led to the firing of two individuals in the company.

The takeaway:

If your network is compromised, don’t try to hide it. Worse, don’t PAY to hide it. The truth will come out, and the damage to your reputation will be worse than that done by the breach alone.

Instead, develop a confident backup and data recovery plan and show competence in your response. A little honesty and humility go a long way in showing your customers and clients your competence and integrity.

NotPetya attack cost shipping giant Maersk $300 million

The NotPetya ransomware attack infected Maersk and Ukrainian companies by exploiting a common program used to do taxes in Ukraine. The program, MeDoc, had backdoors into its users’ systems and supplied users with automatic updates that spread the virus. Companies from the UK to the Netherlands were also affected.

But Maersk was by far the biggest horror story that resulted. When the malware shut down multiple IT systems across their network, it caused backlogs at 76 shipping ports that used Maersk’s freight loading services.

Amazingly, the company does not appear to have experienced any data loss, and was able to contain the virus to the degree that 6 of its 9 subsidiaries kept full functionality.

Still, the resulting lost revenue from the shutdown of the 3 remaining subsidiaries has massively affected the entire company’s finances in the three business quarters that followed, to the tune of an estimated $300 million.

Imagine if their data had been successfully ransomed.

The takeaway:

A simple interruption of operations is enough to massively impact your business’ bottom line. That’s why it’s crucial to vet any software or systems that will have the ability to access your system without admin parameters. It’s also crucial to perform routine security scans in order to avoid becoming the next MeDoc to your clients.

If it can happen to a giant conglomerate corporation, it can happen to your organization, too.

WannaCry affected 75,000 computers using tools stolen from the NSA

Yes, you read that correctly. The massive WannaCry ransomware epidemic of late last year was built from tools stolen from the National Security Agency.

Let that sink in for a moment.

The attack focused on a wide variety of organizations, from medical offices to schools to government agencies. Ironically, the attacks mostly did not affect computers with automatic Windows updates enabled, as Microsoft scrambled to create a patch blocking the malware’s access.

The takeaway:

UPDATE YOUR DEVICES! That is, assuming you’ve vetted your software and you monitor your network properly. Updates often address known and emerging vulnerabilities that malware exploits, and can stop attacks before they happen.

Even government agencies are vulnerable to cyber attacks. But SMBs are targeted by 43% of all malware attacks, meaning your business is probably far less “under the radar” than you might think. Act accordingly.

The ultimate takeaway

Malware and ransomware are widespread, and they’re here to stay. But it isn’t all bad news. There are a variety of approaches you can take to limit your exposure. These include security features on your network, professional network oversight, email opening policies and training for employees, and a professional disaster recovery plan.

Waiting until malware affects your system to prepare for it can massively increase damages and losses. It’s crucial to be prepared and seek out professional help. In a world where even the NSA cannot guarantee 100% protection, how could it make sense to take on network security without the help of an experienced professional?