Protect Your Shop From the Threat of Ransomware

Printed in Autobody News

With an alarming increase of ransomware attacks plaguing the collision repair industry, cybersecurity has become an important topic for shop owners to educate themselves on for the safety of their businesses.

A type of cybersecurity risk, ransomware attacks are when someone seizes control of an organization’s computer system or digital information, agreeing to release it only after a ransom has been paid.

Ransomware is typically spread through phishing emails with malicious attachments or by visiting an infected website, but shops have also been hacked through open ports. After infecting the victim’s system, the ransomware virus encrypts every data file it finds and displays a demand for ransom, usually in untraceable cryptocurrency, in exchange for the decryption keys needed to restore the locked files. Failure to pay the ransom leads to those keys being discarded, which makes the data permanently inaccessible.

One component of ensuring a shop is protected involves acquiring and maintaining adequate insurance. In Autobody News’ August editionDavid Willett, general manager of the automotive industry at Intrepid Direct Insurance, shared, “This is happening to other industries, but it’s becoming more frequent in our industry. The number of automotive repairers with cyber risk coverage in their garage insurance package is growing but still represents a small percentage.”

Most experts do not recommend paying the ransom since there’s no guarantee that the hacker will restore the files or that they haven’t already gleaned information for nefarious purposes. If paying the ransom is the only choice, be familiar with your insurance policy to know if cyberattacks are covered; according to an April report by the New York Times, many insurers have argued that certain cyberattacks tied to foreign governments aren’t covered under insurance policies due to the “war exclusion” which prevents insurers from paying for costs related to damages caused by war.

“The normal ransomware provision pays for rebuilding the system and database, which can take 30 days or more. It doesn’t reimburse or pay the actual ransom request (usually bitcoin), which offers an immediate fix,” Willett stated. “Intrepid’s provision pays for the ransom request because it was designed for what’s actually happening in the industry, and we plan to continue strengthening it for our customers’ protection.”

The best way to prevent damage from hackers is to avoid being a victim of a ransomware attack altogether. In “Awareness Briefings on Combating Ransomware,” published by the Cybersecurity and Infrastructure Security Agency (CISA), the organization offered tips for businesses seeking to protect against ransomware attacks which are also available on their website:

  • Update software and operating systems with the latest patches. Outdated applications and operating systems are the target of most attacks.
  • Never click on links or open attachments in unsolicited emails.
  • Backup data on a regular basis. Keep it on a separate device and store it offline.
  • Follow safe practices when browsing the Internet. Read Good Security Habits for additional details.
  • Restrict users’ permissions to install and run software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
  • Use application whitelisting to allow only approved programs to run on a network.
  • Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email to prevent email spoofing.
  • Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
  • Configure firewalls to block access to known malicious IP addresses.

There are several tips reiterated by cybersecurity professionals that are fairly simple and should be adhered to by all shops interested in protecting their digital information against ransomware and other cyber-attacks. First, educate employees on the dangers of malware and common hazards; many companies choose to include expectations in their codes of conduct. Second, back up data since your ability to restore the files diminishes the hacker’s power. Lastly, be sure to update all software and operating systems since that is the only way to ensure protection against new approaches developed by hackers.

Willett agrees that insurance is only one component of managing cyber risk. “It’s important to have extortion coverage for ransomware, but trying to simply buy enough coverage isn’t the wisest risk management strategy. Shops should implement a variety of risk management tools, including firewalls, segmented networks and file encryption at a minimum – just like shops have fire suppression systems on their paint booths, they need to have a system to protect their business from cyber risk.”

As a result of their belief that education is paramount to prevention, Intrepid Direct Insurance has worked with RiskAnalytics to provide insureds with three safeguards included at no charge. The InsCyt Safe Browsing Tool (Sinkhole) protects against clicking on a link directed to an infected or suspected IP address by providing a warning in the browser. Intrepid also offers Online Employee Training to Defend Human Threats, a video teaching employees how to recognize and deal with malicious attempts, as well as a sample Security Awareness and Training Policy.

Willett believes, “Our understanding of cybersecurity will eventually mature to the point that cybersecurity policies are just as important as zero harassment policies. You need training for the human elements. Many of our customers pay for sophisticated cybersecurity management, and those companies appreciate Intrepid’s safeguards as much as the shops do.”

“We worked with RiskAnalytics to create solid tools to enhance our customers’ cybersecurity,” Willett continued. “As an insurance company, Intrepid expects losses, but we try to provide customers with viable risk management tools to sensibly mitigate the risks as much as possible. We always want to help insureds manage as much as they can within their own shops. This mentality is going to become more prevalent within our industry over the next couple years.”

If a ransomware attack occurs, immediately disconnect the infected machine from the network to prevent the virus from spreading, and restore files from backups if possible. Take a photo or screenshot of the message to file a police report. Hiring a cybersecurity company can help determine how the system was hacked and help implement measures to prevent future attacks.

Willett pointed out, “Intrepid’s customers should rely on what’s in their cybersecurity awareness training and already have action steps lined out. Shut down the impacted system to prevent the virus from infecting all of the shop’s computers, and contact your cybersecurity management team to assess the damages.”

Cybersecurity risks aren’t going away anytime soon; in fact, they advance every day to circumvent the protection that is developed against them. Willett stated, “I’m excited and relieved that everyone is finally talking about this issue. In the past, it was easy to say that only big companies were affected so it was difficult to get people to pay attention to cybersecurity, but that’s not the case anymore – anyone could be impacted, and being educated about all the risks and ways to protect yourself is the surest way to avoid being a victim of a cybersecurity attack.”

Comments Off on Protect Your Shop From the Threat of Ransomware