Eye on Hospitality: Beware of Ransomware

By Paul Schlienz

Don’t ever say “It can’t happen to me.” Whether you want to believe it or not, your business is susceptible to cyberattacks.

“The more we use information systems and digital devices, we have to deal with the security of those devices and the security of the information,” said Nick Schacht, CEO of KnowCyber, a Houston-based cybersecurity training firm. “That’s what cybersecurity is at its core: keeping our information and the information we create and collect secure so it’s not misused, stolen or abused in some way or other.”

Currently, the focus is on a particularly vicious variety of malware called “ransomware.”

Ransomware typically encrypts files so you can no longer access them. Then you will get a message telling you that to restore access to your files, you need to purchase some code, and that you will have to do this by paying the hacker in Bitcoin, an electronic currency that cannot be traced by any government.

In addition, ransomware can shut down essential operations or processes your business depends upon. For example, in one notorious case, an Austrian hotel was hit by ransomware that locked guests out of their rooms.

“Ransomware is becoming a pandemic,” said Tony Neate, a former British police officer who investigated cybercrime for 15 years. “With the internet, anything can be switched on and off, from computers to cameras to baby monitors.”

Restaurants, too, have been hit with this scourge. One example was the Hard Times Café, in Rockville, Maryland, where ransomware shut down its point of sale and back office computer systems.

“The FBI tells us they can’t keep up with ransomware cases,” said Bob Howard, the café’s co-owner. “The advice is either pay the ransom or shut down your entire systems and rebuild from scratch. And that’s what we’re doing.”

The reason for the sudden focus on ransomware is the recent global attack involving a virulent form of ransomware called “WannaCry.”

Ransomware is normally spread in two ways: either through emails with attachments or links that download the program, or through pages or pop-ups that pretend to offer legitimate updates for your computer from Microsoft. The reason WannaCry spread as quickly as it did, however, is unique. This ransomware is also what is called a “worm,” meaning that once it infects one computer, if that computer is part of a network, it spreads to all the other computers in the network.

So, how do you protect yourself from ransomware?

First, don’t ever download from sites that tell you software on your computer is outdated. Next, always keep your antivirus programs up to date. Finally, always back up your files. Hackers know that most people don’t keep backups. Even some businesses fail to keep regular backups, a big mistake that usually leads to data loss.

“[Ransomware] transforms the vulnerabilities of the Internet of Things into a vehicle for tremendous financial profit,” said Josephine Wolff, assistant professor of public policy and computing security at Rochester Institute of Technology and a faculty associate at the Harvard Berkman Center for Internet and Society. “Building on the tremendous success of traditional ransomware distributors, who merely hold data and computer systems hostage, people who design ransomware that targets physical infrastructure, be it hotel doors or stoves, have a very lucrative future in store for them unless we retain some of our manual checks on the increasingly automated world.”

As always, the best defense is to use common sense.
