A ransomware attack against the San Francisco light rail transit system took its ticket machines offline all day this past Saturday during Thanksgiving weekend - one of the busiest shopping weekends of the year in the United States. The San Francisco Municipal Transportation Agency - often known simply as "Muni" - reported that starting on Friday night, agents' computers displayed the message "You Hacked, ALL Data Encrypted." The agency, however, refused to pay the ransom of 100 bitcoins (about $73,000) demanded by criminals, and instead allowed passengers to ride for free while its IT team worked to restore its ticketing systems to normal operation, which they successfully did by Sunday.
This episode offers several important lessons for small business owners and consumers:
1. Ransomware is a serious cyber-threat to which many people remain oblivious
As I noted in an article entitled 5 Reasons Why Ransomware Attacks on Businesses Are About to Get Much Worse, half of the people interviewed for a survey conducted last year did not understand what ransomware was, and nearly a third of the folks who had not already been harmed by ransomware believed that it was unlikely that they would ever be harmed. And who is actually vulnerable? As Amichai Shulman, CTO of Imperva, phrased it, any organization "that uses computers and hires people."
2. Ransomware can completely disrupt operations
The ransomware that hit Muni completely disrupted the agency's ticketing system and impacted other internal functions such as email. While Muni was lucky that the ransomware did not impact any systems used to run its actual transportation systems (buses, light rail trains, cable cars, etc.), if you get infected, you may not be so lucky - ransomware has been known to bring business operations to a complete halt.
3. Ransomware can inflict serious financial damage
While Muni could afford to let riders ride free for a day, your business might not be able to endure the loss of revenue resulting from offering your goods and services for free during a disruption. As a result, you may not be able to wait for your IT team to clean away the ransomware and to restore systems from backups - if you get infected, you may be forced to pay expensive ransoms.
4. Ransomware cleanup may be impossible due to the urgent need for access to systems and data
If you have mission-critical systems that cannot be offline without severely impacting you or your business, you may not be able to wait until an IT team cleans up a ransomware mess - which takes time. This has already been the case at several hospitals, and I wonder whether Muni would have paid the criminal-demanded ransom had its actual transportation-management systems been hit, forcing actual service disruptions.
5. Ransomware is a growing epidemic
As I noted in the piece mentioned above, the problem of ransomware is likely to get worse over the upcoming years, not better. Furthermore, earlier this year the FBI noted that the number of Americans losing money to ransomware is increasing; in 2016, we also saw the first functioning Mac ransomware. This might be a good time to verify that you are properly securing your business and personal information systems.