Ransomware on the Rise

Read the April 2020 issue of RV PRO here.

Malicious ransomware online attacks on business computer systems are on the rise – and RV businesses are not immune.

No one knows this better than Jim Blumenthal, owner of Colorado-based Trailer Source RV Centers, whose business was recently victimized by ransomware.

As Blumenthal learned firsthand, ransomware infiltrates a company’s computer system by downloading itself via malicious links embedded in emails and websites. Once it executes and gets a grip on a business’s network or machine, ransomware quickly begins encrypting all a company’s files – rendering them impossible to open without a special password key.

Generally, networks and machines fully encrypted by ransomware serve-up a message on the business’s display screens, advising users that their business files are encrypted and that they won’t be accessible until the hacker behind the break-in is paid a ransom.

Often, these ransom demands total tens of thousands of dollars or more.

The problem, of course, is that business owners have to trust a criminal to provide them with instructions on how to de-crypt their files once money is sent to the hacker. And business owners have to live with the fact that the hacker will probably demand payment in the form of Bitcoin – a cyber-currency that’s nearly impossible to trace.

On Heightened Alert 

While Trailer Source RV Centers’ Blumenthal says he was able to escape from the ransomware break-in without risking public exposure to any of its data, the experience understandably put a scare into top management there.

“We have moved to encrypted servers in multiple locations throughout the country and retain a third-party monitoring company that assesses threats and the security of our servers on a daily basis,” Blumenthal says.

Even so, the hackers still keep coming at Blumenthal’s dealership – just as they keep probing other companies.

“We routinely receive spoofed emails appearing as if they are coming from an employee or vendor,” Blumenthal says. “It has definitely put us in a heightened state of awareness, and we practice redundancy to validate where incoming communication originates.”

Notably, there are different groups of hackers with different levels of expertise. “Many (members) are script kiddies (casual computer users without deep knowledge of computer code) or amateur hackers,” says Sharon D. Nelson, president of Sensei Enterprises, a computer security consulting firm. “But there is a core group of hackers who have extraordinary skills. They present one of the greatest security threats of recent years. And we have not, so far, done a lot to counter their intrusions.”

One trend that is particularly worrisome is the ‘professionalization’ of hacking that has emerged during the past years, according to Kevin Haley, director of Symantec Security Response, who says scores of today’s hackers have become 9-to-5 workers, with holidays, vacations and many of the other trappings associated with legitimate employment.

“Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours,” he says. “We are even seeing low-level criminal attackers create call center operations to increase the impact of their scams.”

Ransomware at Epidemic Levels 

Rich Conklin, an IT security consultant and owner of Executive Computer Solutions, says one of his clients recently was hit with ransomware, which brought down 28 of its computers.

“Because they had a formal, data back-up program for their business – which I recommended and maintain – I was able to get most of their data restored later the same day,” Conklin says.

Ryan Naraine, a head of the global research and analysis at Kaspersky Lab, hears network take-over horror stories like Conklin’s every day.

“Right now, ransomware is an epidemic,” he says. “Although it has been around for more than a decade, we have seen a recent explosion of new ransomware families that is cause for serious concern.”

Just how pervasive ransomware is today is difficult to say, because security experts in this field say many victims quietly pay off their attackers without notifying the authorities. However, Emsisoft, a security firm that helps companies attacked by ransomware, provided information to the New York Times showing that 205,280 organizations submitted files that had been hacked in a ransomware attack in 2019, representing a 41 percent increase from the year before.

While no data exists on the number of RV-related businesses attacked by ransomware, it is known that Trailer Source RV Centers is not the only business in the industry to suffer harm. Georgia-based supplier Southwire, which makes surge guards for the RV market, suffered a cyber-attack late last year. The company said it was subsequently able to take action to minimize the damage.

Meanwhile, some of the newest variants of ransomware are even popping-up on smartphones and other mobile technologies, according to recent a report released by F-Secure CEO Christian Fredrickson.

The security take-away?

RV businesses of all sizes need to make peace with the fact that hackers won’t be neutralized any time soon, security experts say. And those businesses need to be honest with themselves that their current computer defenses are probably silly putty in the hands of experienced of hackers.

The best way to begin hardening the online digital perimeter of an RV business is to realize that the person or staff responsible for a company’s web security is the over-arching factor in keeping the RV business safe – rather than the security technology that they happen to administer and oversee, according to Ira Winkler, founder of Internet Security Advisors Group, a computer security consulting firm.

“Fundamentally, good security really is just good systems administration,” Winkler says. “And if you can’t afford or can’t get a good system administrator, I recommend outsourcing that.”

In fact, Winkler says the smallest of RV businesses will probably be best served by an outsourced, third-party computing solution, given that the entire focus of a top-notch network systems provider is on configuring, maintaining and securing computer systems, 24/7.

In other words: Owners and top man- agers may want to move the critical computer applications of their RV business to the “cloud,” so they can take advantage of the relatively sophisticated web security offered in the cloud, according to Winkler. At a minimum, Sensei’s Nelson recommends a quality internet firewall that’s properly configured, and internet security software that guards against viruses, malware and spyware.

Both are available with software packages like Symantec’s Internet Security, Kapersky Security, Trend Micro Security and the like. And owners and top managers also need to be sure their staff gets the message that the company’s security has to be taken very seriously, according to Conklin.

“Education of your employees is key,” he says.

Staying Ahead of Hackers 

Staying a step ahead of hackers also means being careful with any custom-made software, Nelson adds, given that these pro- grams are rarely subjected to the rigorous security testing that popular, established software endures.

Content management systems (CMS) – software designed to enable RV businesses to easily update their websites – for example, are often custom-made.

“A custom CMS is usually a bad idea,” Nelson says. Many employees also tend to get lazy about passwords. In fact, research shows one of the most commonly used passwords is still “P-A-S-S-W-O-R-D” – a seemingly trivial oversight that has spelled the undoing of countless, otherwise stellar computer security systems, according to security experts.

Nelson recommends complex alpha- numeric passwords of more than 12 characters, which are tough to crack even by software specifically designed to crack passwords. And she reminds people to use different IDs and passwords to enter different applications and networks.

RV businesses looking to be especially vigilant about passwords can also use free, online password generators, like Secure Password Generator, which will instantly generate long, complicated passwords for users.

Or, they can purchase password management software like Dashlane 4 or LastPass, which auto-generate complicated passwords, as well as centralize all of a user’s IDs and passwords into a single, easy-to-use program. RV businesses also need policies in place to establish lock-outs after a system user has entered a pre-determined number of incorrect IDs or passwords, Nelson adds. And the same lock-out fail-safe needs to activate the moment an employee departs or is terminated from an RV business.

For protection of especially critical data, Winkler advises multiple-authentication, such as the use of two or three passwords to access a website maintenance account, rather than just one. And he says businesses whose data privacy is especially critical should consider investing in data leakage prevention software.

RV businesses also may want to consider storing some data – especially credit card data – on a separate system that is completely disconnected from the internet at all times.

Security experts say RV employees also should stay on the lookout for ‘social engineering’ ploys – a fancy term for when a hacker who forsakes the digital black arts, and instead tricks someone at an RV business into surrendering their digital crown jewels with a friendly phone call, or a seemingly innocuous email, requesting system information.

Regular meetings, eNewsletters or memos about security vigilance also offer an opportunity for business owners to update their staffs about the latest smoke-and-mirrors in vogue among hackers. A popular hacker ploy lately, for example, is to regularly spam employees with marketing emails that seem to originate from a legitimate business and include a handy ‘unsubscribe’ link at the bottom.

Unbeknownst to the recipient, clicking the link activates an invisible download of malware to their PC or other computer device – software that can be used to steal IDs, passwords, credit card numbers, client data, and the like.

“Look at the link, and see where it’s coming from,” Winkler advises. If users don’t recognize the company, or the link seems hinky, don’t click it, he adds.

RV businesses also can hire IT security service providers like KnowBe4.com, which specialize in training employees in computer security best practices.

The company also will subsequently test employees surreptitiously with emails, phone calls and other ruses to verify that they are not falling for such tricks.

Security experts also suggest that business owners run any security solution they choose past their attorney or other designated personnel hired to ensure that any software used complies with all government regulations impacting RV businesses.

And security experts say business owners also probably want to consider insurance, given that most general business insurance policies are often devoid of cyber-threat coverage. If all else fails, security experts say business owners should also consider a backup plan – just in case the RV business gets hit by a hacker despite all their efforts.

There are, of course, other ways to further toughen the security and protect an RV business.

However, at a certain point, security experts say RV business owners will probably need to concede that internet security will never be perfect – only hopefully, just good enough.

“Anybody who sells you ‘perfect security’ is a fool or a liar,” Winkler says. “What security is about is risk management. The more you elevate security, the more you’re raising the bar, and the more exponentially you’re decreasing your risk.”