Over the past few months, Collision Advice’s Mike Anderson has been contacted by more than a dozen shops regarding a computer ransom scheme in which body shops’ computers and IT systems are hijacked and held for ransom.
Unable to access their programs and documents, victims are then contacted by the hackers with instructions on how to pay the ransom, usually in bitcoin.
Ryan Cropper, owner of Able Body Shops in Anchorage, AK, stopped in his shop on the Saturday before going on vacation in November 2018. He recalls, “All of the icons looked like Christmas presents and clicking on them opened a message with an email address to contact to unlock them. I contacted IT, and they confirmed my computer was hacked and I’d have to pay a ransom to release it.”
Fortunately, the hacker couldn’t access password-protected files. However, unable to find an alternate solution, Cropper paid $4,000 in bitcoin after IT verified the hacker’s record of releasing victims’ computers once the ransom was paid. Cropper was locked out of his computer system for four days. He shares, “It was a nightmare; I was losing my mind.”
“The amount they demand depends on what they find,” Cropper continued. “The hacker was unwilling to negotiate whatsoever. Our hacker came from Russia; we verified that through the IP address.”
After his documents were released, Cropper’s next step was figuring out how he got hacked. He learned that there was an open port on his computer that allowed him to access it from his laptop while traveling. “The hacker found the open port and did damage to benefit himself,” Cropper explained. “It didn’t ruin us, but it could have. Our firewalls didn’t stop it. Now, I have a two-part authentication for remotely accessing my system and that’s key to ensuring we aren’t hacked again.”
According to Anderson, “This has happened to a lot of folks. People have open ports and then receive a spam email; once they open it, hackers have access to your computer and lock it down until the ransom is paid. One shop owner heard me speak about this topic and protected himself so he could avoid paying the ransom when he was attacked, but several shops have been forced to pay. These hackers are good at what they do.”
So how can shops protect themselves? Anderson advised, “First thing they can do is contact their IT department to make sure their system is secure. Then, make sure they have good insurance so the ransom is covered. Once it happens, it can be solved, but there’s definitely a cost to resolve it.”
Another impacted shop owner who prefers to remain anonymous offered this advice following his experience: “Hire an outside IT company to audit your IT network; you want them to try to penetrate your system to find the faults and loopholes. Don’t tell anyone, particularly your current IT support company, about this audit because you want it to be random. Upon the audit discovery, you’ll find out if you’re getting what you’re paying for monthly from your IT support company, and you’ll learn how quickly and closely they operate and monitor your business. They should see things happening quickly and spring into action by notifying if they are good.”
He continued, “You also want to make sure your IT support company is backing up your business onto the cloud on their own along with local offsite backups. Backups should be done daily, if not more frequently. Everyone should also be performing onsite external backups to the server and a computer. It’s important to have multiple external hard drives that get switched out daily.”
“Make sure you have insurance coverage for cyber-attacks, loss of customers’ information and ransom attacks. This is not something that is blanketed on your insurance policy. You need to discuss coverage for all these items separately,” he urged, adding, “Do NOT rely on technology only. Run your business with good processes and procedures that will allow you to operate in the event of a technology attack and/or the loss of computers and the internet.”
Cropper was able to turn the ransom in to his insurance company and was refunded $3,500, the full ransom amount less his $500 deductible. Ransomware is not covered in every policy, however, so it’s important to check with your insurance company.
According to David Willett, general manager of the Automotive Industry at Intrepid Direct Insurance, “This is happening to other industries, but it’s becoming more frequent in our industry. The number of automotive repairers with cyber risk coverage in their garage insurance package is growing but still represents a small percentage. The normal ransomware provision pays for rebuilding the system and database, which can take 30 days or more. It doesn’t reimburse or pay the actual ransom request (usually bitcoin), which offers an immediate fix.”
Stay tuned to Autobody News next month for an in-depth look at cybersecurity and how to mitigate these risks with Willett.