FBI: 10 reports data held for ransom in Iowa, number could be higher
The FBI received 10 reports of ransomware attacks in Iowa in 2018, but experts think the problem is bigger than that.
“I think that number is way higher,” said Ryan Mulhall, the network service bureau chief of Iowa Communication Network.
When ransomware hits, all information in a system can be held hostage, unreachable by the system’s owner, until they pay a fee.
ICN Brickhouse is a central location near the capital building where it handles internet and video services for the hospitals, public safety, state government and schools.
Mulhall remembers when a ransomware attack put all that critical information at risk.
“Luckily, we had strong backups in place, and we recovered within about five minutes,” Mulhall said.
“Most of the way it’s delivered is through phishing e-mails,” Mulhall said.
Many are starting to treat cyber risks the same as the risk of a fire or storm damage,and choosing to purchase insurance.
“But the data breaches on average cost [is] three times more than a fire loss to a company,’ said Ross Ingersoll, with Travelers Insurance. “And they’re not buying cyber insurance.”
Travelers Insurance estimates less than 50% of businesses use cyber insurance. Their claims data shows smaller and medium-sized businesses are more often targeted asking for smaller amounts.
“They have lesser controls in place,” Ingersoll said.
He recommends creating strong spam filters to prevent phishing e-mails, strong firewalls and most importantly, regularly backing up the system.
“The best thing you can do is have an incident response plan in place,” Mulhall said.
Law enforcement and cybersecurity experts recommend never to pay the ransom, instead spending money on education and the protections that can protect the organization from becoming a victim.