(Photo by Julia Airey)
Michael DePalma wanted to teach the crowd a lesson.
He was presenting to an IT audience in New Jersey, a group, he said, that seemed to think they’d never fall victim to malware.
So DePalma, a sales executive from Connecticut-based data recovery company Datto, hired a model to represent a (fake) company and hand out free flashdrives at an event. He used one of the flashdrives to load his presentation, only to have (fake) ransomware infection spread from the USB and seize his laptop in front of event attendees. He said the audience was stunned when they looked down and realized they had all grabbed a free thumbdrive as well.
DePalma told this story at Wednesday’s “Drinks and Data Thieves” event, hosted at the office of Tysons Corner-based technology services company Ntiva. The event was meant to educate #dctech about ransomware, a type of malicious software that hackers use to encrypt your data hold it hostage until you pay up. Businesses learned how to minimize data loss and downtime – and avoid paying ransoms.
Tere are four million variations of ransomware, DePalam said, citing a stat from the U.S. Computer Emergency Readiness Team. And it’s serious business: CNN reported hackers used ransomware to extort $209 million in the first three months of 2016 alone. Now that there’s an estimated 4,000 daily attacks, DePalma predicts hackers could net half a billion.
So how can businesses safeguard themselves?
DePalma said it’s about prioritizing data continuity and employee education. In other words, invest in local and multiple off-site backup options, use image-based backups and teach your employees about malware.
The last point was especially salient as high-profile data issues occur because, as the IT adage goes, “at least one employee will click on anything.” Phishing emails or websites can invite ransomware in, leading to company data loss and business downtime.
“For all that we’re really smart, we can do a lot of dumb things,” DePalma said. (He recommends reminding employees to check links to suspicious FedEx or Netflix messages before clicking.)
This is part of a larger idea DePalma seemed to advocate: that protecting data means businesses need to be more vigilant.
It’s a sentiment shared by Ntiva. The company’s client relationship manager, John Flaherty, told us, “Over the last two years, the incidents have really exploded. You have to be more vigilant than ever.”
This is because hackers no longer target only wealthy marks.
“In my cellphone, I have pictures of my two beautiful daughters,” DePalma explained to the audience. “Those aren’t worth money, but they’re valuable to me.”
According to him, most victims are small businesses or individuals, ransomed as little as $800 to $1,200. So the number of attacks is incredible considering the $325 million netted last year by ransomware hackers.
DePalma told us that ransomware specifically targeting mobile devices is “going to be the next wave.”
During the Q&A session, the audience asked about ransomware recidivism. How many people are hit again?
Ntiva CEO Steven Freidkin said it’s a matter of how serious clients take the advice to invest in backup and security. Of the 38 Ntiva clients hit with ransomware last year, Freidkin said two were hit again. The first had invested in backups and wasn’t affected. The second client chose to pay up.
“We had to go to a seedy place to exchange the cash into bitcoin. I had the pleasure of doing that because I didn’t want my employees to die,” Freidkin joked.
Another of the audience’s favorite moments was when DePalma simulated a server fire by igniting flash paper – a representation of how data can go up in flames during a real fire.
According to Flaherty and Freidkin, Ntiva is now planning an event like Drink and Data Thieves every quarter.-30-
Events Roundup: Tune in to the Northern Virginia Tech Council’s new data science series
What does the future hold for cyber startups in the DMV?
Reston’s ThreatQuotient raised $22.5M amid increased enterprise attention to cybersecurity
Will US reform help Americans ‘own’ their data — and help businesses protect and recover it?
Sign-up for daily news updates from Technical.ly Dc