Be on High Alert for Ransomware Attacks
Kirsch CPA Group
Nov 12, 2020

The FBI has warned of a staggering increase in ransomware attacks against businesses since the start of the COVID-19 pandemic. Here’s what business owners and managers should know about these attacks to help prevent them — and manage an attack if preventive measures fall short.
Cybercrime Crisis
Cybercrime reports to the FBI have quadrupled in 2020. The FBI Internet Crime Complaint Center currently logs in between 3,000 and 4,000 calls a day. Ransomware attacks, in particular, have increased by seven-fold since 2019, and the estimated global cost of ransomware attacks for 2020 is $20 billion, according to cybersecurity firm Bitdefender. This is from a recent report from insurance provider Beazley:
In 2020, we have seen significant changes to the cyber risk landscape. Ransomware has grown in frequency and severity, and extortion demands have risen. The threat of data exfiltration and consequent release of confidential information has increased, and the resulting business interruption of all these events has become a regular occurrence.
The average ransom payment grew to $178,254 in the second quarter of 2020, up 60% from the first quarter of 2020, according to the Q2 2020 Ransomware Report published by ransomware consulting firm Coveware. And the percentage of ransomware incidents where data had been “exfiltrated” — meaning it’s withdrawn from the victim-organization’s network — grew from 7.8% in the first quarter of 2020 to 22% in the second quarter of the year.
No one is immune: Ransomware attacks have been launched against large and small organizations, including public and private businesses, educational facilities, health care providers, government agencies and non-profit entities.
Important: On October 28, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Health and Human Services (HHS) issued a joint cybersecurity advisory. It describes the tactics, techniques and procedures that cybercriminals are currently using against hospitals and health care providers to infect systems with encryption ransomware, notably Ryuk and Conti. The alert recommends specific measures for hospitals and other health care entities to consider to prevent such attacks.
Anatomy of Ransomware Attacks
Ransomware is malware designed to prevent access to a computer system or files until the user meets the perpetrator’s payment demands. It’s as if your entire computer network is being held for ransom — and neither your employees nor your customers can access the data.
Back in the 1980s, when ransomware was introduced, attacks typically targeted individuals, and payment was made through the regular U.S. mail. Today, high-tech crooks usually go after deeper pockets and often require the ransom to be paid with credit cards or cryptocurrency, such as Bitcoin.
It doesn’t take much to be infected. Typically, the malware takes root when a malicious email is sent to an employee of a company and may utilize phishing or spear phishing techniques. The malware may be embedded in attached Word files or PDFs, or the email might contain a link to a website that will install the malware on the user’s computer and, from there, infiltrate the network.
Why would anyone open an unsolicited email and then open an attachment or click a link? Looks can be deceiving. Frequently, the email appears to come from a legitimate business partner or from a friend or relative. In other cases, perpetrators pose as law enforcement officials or representatives of agencies, such as the FBI, IRS or Department of Labor, to scare victims into paying up. (See “Three Types of Ransomware,” at right.)
Another threat is the use of “malvertising,” malicious advertising that hooks recipients with little or no interaction on their part. For example, if you’re simply browsing the web and come across malvertising, it can infect your computer, even if you don’t click on the ad. This may deliver the ransomware directly or be used to launch an attack against a targeted user.
Once a user’s device has been compromised, the perpetrator has a foothold in your entire IT environment. Before your IT department detects the breach, the hacker is free to explore your network for vulnerable systems and sensitive data and encrypt data indiscriminately. Then the hacker can demand a ransom for the decryption key needed to restore your access to the network.
Preventive Measures
Ransomware is a growing threat, especially as more people are working, learning and interacting with organizations remotely during the COVID-19 pandemic. It’s important for your organization to take steps to protect your networks from these attacks. Generally, this requires people who access your network to identify ransomware before it infects their computer.
Consider implementing the following best practices:
Train users to recognize red flags. Employees and other users who access your network should understand how ransomware attacks happen and why it’s smart to exercise caution when opening unsolicited emails and searching the Internet. For example, before clicking on a link or opening a file, they should be trained to verify the sender’s email address.
Require your staff to participate in regular cybersecurity awareness training sessions. Consider testing methods that simulate actual ransomware attacks to help improve awareness and test whether your training program is effective.
Install the latest IT security products. Take advantage of the advanced technology at your disposal. Examples include antivirus software, firewalls and email filters designed to keep outsiders at bay.
Stay current on updates. Ensure that all operating systems and applications are updated on users’ computers. If not, secure the latest patches from verifiable sources. Criminals launching ransomware attacks are known to prey on those with vulnerable systems and applications.
Back up files. Perform frequent backups of your system and other important files. If a computer becomes infected with ransomware, you can restore your system to its previous state using backups — as long as you catch the attack before the perpetrator has a chance to encrypt the data. Store backups in a device that’s separate from the network, like an external hard drive or in the Cloud.
Insurance Protection
Many organizations also buy cyber liability and breach response insurance to fortify their defenses against losses from breaches and ransomware attacks. Professional and general business liability insurance policies generally don’t cover losses related to a hacking incident. Cyber liability insurance can cover a variety of risks, depending on the scope of the policy. It typically protects against liability or losses that come from unauthorized access to your company’s electronic data and software.
Instead of purchasing a standalone cyber liability policy, you can add a cyber liability endorsement to your errors and omissions policy. Not surprisingly, the coverage through the endorsement isn’t as extensive as the coverage in a standalone policy.
Business owners and managers should carefully read their policies to understand what types of incidents are specifically excluded from coverage. And, remember, no type of cyber liability insurance is a suitable replacement for sound cybersecurity policies and procedures. Other well-resourced preventive measures can also reduce your premiums for cyber insurance.
Proactive Response
Unfortunately, preventive measures aren’t foolproof. If your organization falls victim to a ransomware attack, what should you do?
You may be tempted to pay the ransom immediately, hoping the threat will go away quickly and with minimal harm. But paying ransom can be costlier than restoring data from backup files or other means. The average cost to remediate an encryption ransomware attack is $1,448,458 for victims that paid the ransom, compared to only $732,520 for those that didn’t ante up, according to “The State of Ransomware 2020” published by IT security firm Sophos.
Why does paying ransom roughly double the cost of a ransomware attack? First, you must pay the ransom. From there, you must restore the data and get your network back up and running after an attack. Plus, there’s no guarantee that your data will be fully restored even if you’re able to obtain the decryption key from the perpetrator.
If your organization has insurance coverage against ransomware attacks, your insurer can help guide you through the process of reporting the incident to law enforcement, restoring your systems and communicating the effects to stakeholders. Your financial and legal advisors can be valuable resources, too.
Got Questions?
On September 30, the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center released a joint Ransomware Guide. It provides best practices in preventing and responding to a ransomware attack.
For more information on how to safeguard against these attacks — or how to respond if your network had been breached — contact Kirsch CPA Group at 513.858.6040.

About The Author
Kirsch CPA Group is a full service CPA and business advisory firm helping businesses and organizations with accounting,…
Tags
Sign Up for Email Updates
Related Articles












Does your Business Deduct Research & Development Expenses? Major Changes Impact 2022 Taxes…
- 11-09-22
- Elizabeth Michalak






Why Have Your Financial Statements Reviewed (Even When Not Required)
- 10-17-22
- Kirsch CPA Group















Case Study: Strategic Accounting Support from Acquisition to Sale
- 09-20-22
- Kirsch CPA Group



























Prevent a Poorly Structured Chart of Accounts from Hiding Your Profitability
- 01-06-22
- Nick Roell















Entrepreneurial Mindset: Kirsch CPA Group Sets a Framework for Growth
- 10-28-21
- Kirsch CPA Group






























What Your Numbers Are Saying: Are You Listening?
Part 2: How Attractive Is Your Balance Sheet?
- 07-19-21
- Kirsch CPA Group












What Your Numbers Are Saying: Are You Listening?
Part 1: Do You Know Your Profitability?
- 06-09-21
- Kirsch CPA Group




































Using Cash Flow Forecasting to Avoid Problems & Grow Your Business
- 04-07-21
- Kirsch CPA Group









Selecting the Right Payroll System for Your Construction Business
- 04-01-21
- Kirsch CPA Group















Self-Employed May Be Eligible for COVID-Related Tax Breaks for 2020
- 03-17-21
- Kirsch CPA Group






COVID-19 Relief: Overview of the New American Rescue Plan Act for Individuals
- 03-17-21
- Kirsch CPA Group



COVID-19 Relief: Business Overview of the New American Rescue Plan Act
- 03-17-21
- Kirsch CPA Group



























Opportunity Zone Investments: A Tax Deferral Opportunity You May Have Overlooked
- 02-17-21
- Kirsch CPA Group




































The Status of Temporary COVID Tax Relief Measures After the New Law
- 01-21-21
- Kirsch CPA Group















8 Accounting Practices for a Financially Healthy Construction Business
- 01-07-21
- Kirsch CPA Group









Appropriations Law Adds Some Business Tax Breaks and Extends Others
- 01-07-21
- Kirsch CPA Group



























Contending With the Patchwork of State Requirements for Nonprofits
- 12-17-20
- Kirsch CPA Group




































Employee or Independent Contractor? The Rules May Be Getting Simpler
- 11-12-20
- Kirsch CPA Group






Do the COVID-19 Extended Deadlines for Health Plans Still Apply?
- 11-12-20
- Kirsch CPA Group












Using Remote Workers? Protect Sensitive Company Data from Exposure
- 10-28-20
- Kirsch CPA Group













































What You Need to Know About the Deferral of Payroll Tax Obligations
- 09-15-20
- Kirsch CPA Group









Hobby or Business? How to Treat COVID-19 Sideline Activities for Taxes
- 09-15-20
- Kirsch CPA Group















Monitor These 3 Things as COVID-19 Changes Your Nonprofit’s Priorities
- 08-11-20
- Kirsch CPA Group












FASB Offers Reprieve from Updated Lease and Revenue Recognition Rules
- 07-23-20
- Kirsch CPA Group






COVID-19 Crisis May Affect Tax Angles for Rental Property Losses
- 07-10-20
- Kirsch CPA Group









Last-Minute Strategies for Businesses that Deferred Filing Tax Returns
- 07-01-20
- Kirsch CPA Group









Can Your Business Survive and Even Thrive in These Trying Times?
- 06-18-20
- Kirsch CPA Group






Five COVID-19 Obstacles a Construction Company Needs to Navigate
- 06-12-20
- Kirsch CPA Group












Cash Flow Tip: Postpone Payment of Certain Federal Employer Payroll Taxes
- 04-20-20
- Sue Schloemer


















Tax Filing Deadline Remains April 15 – Payment Due Extended to July 15
- 03-19-20
- John Kirsch










































8 strategies to help you adapt to economic down turn without layoffs
- 02-24-18
- Diane Glover





















Which Research Activities Qualify for the Qualified Small Business Tax Credits
- 07-17-17
- Diane Glover





































