Skip to main content

Stopping a Cyberattack in Its Tracks

November 16, 2023

Camico Claim Chronicles 123-A

CAMICO policyholder Henry Gould of Gould & Young, LLC, received a text from the firm’s third-party IT company, LHG Consulting, that there was an issue with the company’s network. Taken back by the alert, Gould immediately headed to the office where an LHG specialist showed him a ransom note. Fortunately, the company performed daily data backups, and they weren’t impacted by the cyberattack. The only data that appeared to be lost was the previous day’s work. As LHG continued to investigate, they discovered that ransomware had encrypted data on the company’s file server. It appeared to be a variant of LockBit 3.0 ransomware called “LockBit Green.” The attack was identified within 90 minutes from when it began, and only impacted the server; no additional malware was detected. LHG restored the network (Gould & Young’s system was down for about a day) and there was no evidence of data exfiltration. LHG continued to monitor Gould’s system and added cloud-based cybersecurity software to help track and block cyber threats and vulnerabilities. Since the cybersecurity services were within the parameters of LHG’s service agreement with Gould & Young, there was no additional cost or separate billing for the incident – claim closed.

Select the answer that is the correct response.

1.       What measures did Gould & Young, LLC have in place to prevent damages from the ransomware attack?
a.       An IT firm tracking its system for security issues and cyber threats.
b.       Received real-time alerts/ communication when a cyber threat or security concern was detected.  
c.       They took immediate action when a threat was discovered.
d.       They backed up their company’s data on a daily basis.   
e.       All the above.

2.       What kind of cyberattack is ransomware?
a.       A fraudulent practice of sending emails or other messages claiming to be from a reputable company to sway individuals to reveal personal information (such as passwords and credit card numbers).
b.       A type of malicious software designed to block access to a computer system until a sum of money is paid.
c.       A scheme that sets up a fake website or compromises a legitimate one to exploit visiting users.
d.       All the above.
e.       None of the above.

3.       What oversights can make a firm more vulnerable to ransomware or any other cyberattack?
a.       Not installing robust security software and maintaining it with the latest security updates.
b.       Not regularly performing data backups.
c.       Lack of company-wide cybersecurity awareness training.
d.       Not implementing multiple security tools to detect and block cyber threats.
e.       All the above.

Correct Answers:

1-e. All were important steps Gould & Young took to mitigate risks and put an immediate stop to the ransomware attack to prevent serious damage and loss. The firm performed daily backups, which is essential to protecting a business and its data. Devices can be set to back up to the cloud automatically. However, when relying on cloud storage, ransomware can take control of cloud services, so any data stored in the cloud should also be occasionally backed up to an external hard drive. Data backups ensure that a business can continue to operate, even if resources are taken offline by a ransomware attack.

2-b. Ransomware sneaks into computer systems, encrypts files, and demands ransom before decrypting files. It can range from a few thousand dollars to several hundred thousand dollars, so being prepared and taking precautions against cyber risk exposures such as ransomware is essential.

3-e. All are key mistakes that businesses can make to become an easy target of a cyberattack. With proper training and strict adherence to firm-wide protocols, firms can and should consider their people as the first line of defense against cyber threats. Ensure that all software has the latest security updates and prioritize employee awareness training to help protect against malware, viruses, and hacker attacks. Stay informed about emerging and evolving cybersecurity threats and install multiple security tools such as a firewall, antivirus software, anti-malware software and spam filters so that if one fails, there are backup protections in place to alert your team of a problem.

“Claim Chronicles” are drawn from CAMICO claims files and illustrate some of the pitfalls and best practices in the accounting profession. All names have been changed.