No Woman, No Cry. Why You Should Be Concerned About Ransomware. NOW! — Photo by HotelTime Solutions

'Cause We're Living in a Material World

A study by Cloudwards found that, in 2021, a striking 37% of businesses and organizations worldwide underwent a ransomware attack. And, of these, 1/3 paid the ransom. But what are, exactly, ransomware? They are malicious software encrypting the victim's data and making them inaccessible until a ransom (hence the name) is paid. Usually, the perpetrators demand settlement in crypto, allowing them to receive compensation anonymously and avoid detection by law enforcement, with Bitcoin as the currency of preference (up to 98% of ransomware ransoms are paid in BTC). Ransomware attacks can be financially and operationally devastating for businesses because, let's put this straight up, there's no guarantee of getting your data back. Here's why it is generally advised not to pay ransoms, as there are no assurances that the attackers will actually decrypt or fully restore the affected data. Instead, all you're paying for is a vague commitment to unlocking the encrypted files. Moreover, paying victims of ransomware attacks may inadvertently encourage future attacks. Let me explain this: when attackers are successful in collecting ransoms, it kinda "proves" to them that their methods are effective and can be used to fund the development of more sophisticated malware and attack techniques. This reinforces the importance of focusing on prevention and recovery methods to mitigate the impact of ransomware attacks. Pretty cool, eh?

Some History

The most famous ransomware attack has to be 2017's WannaCry: it affected over 230,000 computers in more than 150 countries, causing billions of dollars in damages. The attack primarily concerned organizations that had not installed a Microsoft security update and/or using unsupported versions of Microsoft Windows. However, this is far from being a recent phenomenon. Ransomware have a long history, with one of the earliest recorded instances being the AIDS Trojan horse attack in 1989. This attack involved the distribution of a floppy disk (sic!) containing the ransomware to attendees of an AIDS conference (oh, the humanity...). When activated, it encrypted various files on the targeted hard drive and demanded that victims send $189 to a PO Box in Panama to retrieve their data...

A Scalable Business Model

The proliferation of ransomware attacks in recent years, however, can be primarily attributed to the emergence of what is usually known as Ransomware-as-a-Service (RaaS). Under this model, a developer creates a strain of ransomware and licenses it to other cybercriminals for their attacks. This model offers two primary benefits for hackers: first, the ransomware developer can earn money by collecting a percentage of each attack's revenue without having to carry out the attacks themselves, and second, attackers without a high level of technical expertise can utilize the "plug-and-play" RaaS model to focus on infecting victims and collecting payments. To use an analogy, it's like Booking.com for hackers. Not really but, hey, you got the picture.

For the Watch!

Ok, you may think this will never affect you. Well, you might want to hold that thought. According to a report from Datto, 85% of Managed Service Providers identified ransomware as the most common malware threat their small and medium business clients face. Moreover, if you believe that behind these attacks are hackers like those you see in 80's techno-thriller movies such as WarGames, the reality is that all it takes to f*ck your business up is falling for a juvenile phishing email. As much as 91% of cyberattacks begin with an email, so you're not only one click away from enlarging your, well, you get it... You're also one click away from destroying your business!

Could you Print my Boarding Pass?

Has a guest ever approached you and requested that you print a boarding pass from a USB stick that they provided? This is something else to be wary of. As a hotel worker, it is essential to be cautious when using USB devices, especially ones given to you by guests. These devices can potentially contain malicious software, which can infect your computer and compromise your network security. USB sticks are insidious because they can execute code, and it is possible to infect a computer simply by inserting them, without running any programs or clicking on any files. It is recommended to exercise caution when using USB devices and consider disabling the USB ports on the hotel computers tout court. Additionally, suppose a guest in your hotel can access the same network as your internal systems. In that case, they could potentially insert a malicious USB stick into their own device and compromise your network's security while having a coffee in room 214. If you are using a legacy PMS, this could potentially be a recipe for disaster. Property Management System is a mission-critical system for any hotel. If it is hacked or compromised, it could seriously disrupt your operations. Therefore, ensuring that the PMS is secure and protected from potential threats is essential. The best way to enhance the security of the PMS is to use a cloud-native system. By externalizing the PMS, the system becomes entirely resilient to attacks on the local network. Therefore, even if the local network is compromised or goes down due to an attack, the PMS can still operate normally because it is hosted on external servers. This ensures that the hotel can continue to operate smoothly, even in the face of a potential security threat.

Give Me Ransom or Give Me Death!

Ransomware may have a significant financial impact on your business, as the ransoms tend to be very high. It is a profitable business model for criminals, with the average ransom payment being around 1/4M$... Most victims of ransomware attacks choose to remain silent about the settlement they had with the hackers, so it's hard to evaluate precisely the amount of money involved in the activity. However, some decide to publicly disclose their ransomware payments, bringing attention to the issue and helping authorities and cybersecurity researchers in their efforts to combat the phenomenon. Over the past few years, several high-profile companies have been targeted with ransom demands. Some examples include Trenitalia, the Italian railway company, which was asked to pay a ransom of $5 million in Bitcoin; Nvidia, which was asked to pay $1 million; Accenture ($50 million); Apple ($50 million), MediaMarkt, ($240 million), and Ace ($50 million). And that's just the ransom! The recovery process after an attack can be way more expensive, with the average cost estimated at $1.85 million. This includes the ransom payment itself and expenses associated with downtime, lost data, and other financial impacts.

How to Protect Your Business

Effective prevention of ransomware attacks requires a combination of robust monitoring applications, frequent file backups, anti-malware software, and user training. While no cyber defenses can eliminate risk, implementing these measures can significantly reduce the chances of a successful attack. The use of cloud-based systems can also enhance resilience and protection against ransomware attacks. In contrast to on-premise systems, which a ransomware attack can completely halt, a cloud-based system can quickly be switched to a backup server in the event of an attack, minimizing downtime and allowing businesses to continue operating. This can be particularly beneficial for hotels, which rely on their PMSs to manage reservations and guest information daily. Even in the event of a longer-term outage, such as a server breakdown or an extended power outage, a cloud-based system can ensure that operations can continue without disruption, resulting in a better experience for guests and reduced financial losses for the hotel. It's worth remembering that, on average, a ransomware attack creates 21 days of downtime. For hotels, the inability to operate without a property management system for three weeks is pure nonsense. Using a legacy system, when it comes to cybersecurity, is like posting a sign that says, "this is the way, come inside!" to hackers. And if you think you're immune, remember what I've said before: you're just one click away...