Ransomware Attack On Essent Underscores Industry’s Vulnerability
With the promotional products industry that it serves already facing a growing variety of sophisticated cybercrimes, Essent (PPAI 244574), a Pennsylvania-based business service provider, last week was victimized by an encryption-based ransomware attack that has disabled its systems and taken it offline.
- The attack brought down Essent’s systems starting on Friday, November 4, and has continued through this week without resolution.
- Ransomware is a type of “malware” (or malicious software) that can lock a user out of their own system, often requiring a ransom fee to regain access.
Why Is This A Big Deal For Promo?
Beyond the nightmare this serves for Essent, which has enlisted tech experts from outside the company to remedy the situation, this news has harrowing implications for the promo industry.
- As Essent is a business management platform, this cyberattack also affects its promo clients. Both distributors and suppliers use it as a cloud provider of integrated ERP. While Essent’s software is held hostage, the businesses of its promo clients are effectively held hostage as well.
How Did This Happen?
Essent is still in the process of investigating and remedying the situation. PPAI will update this story as more details are provided. Essent describes the crime as an encryption attack.
- Ransomware uses a type of cryptography, or the technique used to create secured communications or protocols, to encrypt and decrypt files.
- Once the attacker encrypts the files, they create a private key that will be needed to regain access to the files, which they will withhold in hopes of soliciting money in exchange.
Essent’s statement on the situation reads:
“Essent is currently experiencing a disruption to the use of our network and communication systems. Our investigation has determined that it resulted from an encryption attack. We have engaged outside experts to assist with the process of determining the scope of the impact and remediate the problem. We are working around the clock to regain operations, but we do not yet have a timeline for safe and secure access to the network. Customers have been notified and may reach us at ContactEssent@gmail.com.”
What Can You Do To Avoid The Same Fate?
Perhaps the biggest asset a company can provide a cybercriminal is arrogance or complacency.
- The worst logic a company can take is assuming these crimes will always happen to someone else. And best practices can’t just be implemented; they need to evolve with the sophistication of the attacker’s strategies.
- A good IT team will help push a company to understand exactly how risks can turn into disaster. For smaller companies without IT teams, this responsibility may fall on everyone.
- All staff must be cautious and conscientious when doing anything online, including receiving and responding to emails or opening links.
The Federal Bureau of Investigation considers ransomware a serious crime, albeit one that is elusive in terms of effectively policing. The FBI provides a few tips:
- Keep operating systems up to date.
- Not only implement anti-virus and anti-malware solutions but set them to automatically update and run regular scans.
- Back up data regularly.
- Secure your backups. Make sure they are not connected to the computers and networks they are backing up.
- Create a continuity plan in case your business or organization is the victim of a ransomware attack.