All the tire dealer wanted to do was upgrade his point-of-sale software. He chose an in-house server-based system, and made sure his employees received the proper training.
After a “crazy busy” first few days, the training became second nature, some of the bugs worked themselves out, and the new system, he said, “normed down.”
Less than two weeks later, his system was hacked and held for ransom. He was asked to pay up or he would lose all his POS information.
“It’s nothing you want to re-live,” said the dealer when contacted by Modern Tire Dealer. “It’s nothing you want to explain. You think you’re smart enough to run your business.”
The cost of ransomware to U.S. businesses is hard to quantify. In 2016, businesses paid out an estimated $1 billion, compared to $24 million the previous year, based on FBI data. However, those numbers only take into account known victims.
Losses due to downtime also are not included. As of May 2016, the FBI estimated ransomware had cost U.S. small businesses more than $75 million in downtime alone in less than a year and a half.
In its 2016 report, “Hackerpocalypse: A Cybercrime Revelation,” cybersecurity company the Herjavec Group estimated the annual cost of global cybercrime will reach $6 trillion a year by 2021. Ransomware is expected to make up an increasingly larger percentage of that total over the next five years.
What is ransomware?
According to the FBI, ransomware “is a form of malware that targets your critical data and systems for the purpose of extortion.” It is frequently delivered through “spearphishing” emails.
“After the user has been locked out of the data or system, the cyber actor demands a ransom payment. After receiving payment, the cyber actor will purportedly provide an avenue to the victim to regain access to the system or data.”
Wayne Croswell, CEO and president of WECnology LLC, says ransomware attacks are typically carried out using a Trojan disguised as a legitimate file.
“They enter a system or network through, for example, a downloaded file or a vulnerability in a network service. The program then runs a payload, which locks the system in some fashion, or claims to lock the system but does not (e.g., a scareware program). Payloads may display a fake warning purportedly by an entity such as a law enforcement agency, falsely claiming that the system has been used for illegal activities, and contains content such as pornography and ‘pirated’ media.
“Payment is virtually always the goal,” he says. “The victim is coerced into paying for the ransomware to be removed — which may or may not actually occur — either by supplying a program that can decrypt the files, or by sending an unlock code that undoes the payload’s changes. Payment can be as little as $10 or even $1,000, and many victims quickly pay it to get their system back. The attacker can infect thousands of systems and collect millions of dollars in ransom.”
When ransomware first hit the scene, computers predominately became infected with it when users opened email attachments that contained the malware, says Croswell.
“But more recently, we’re seeing an increasing number of incidents involving so-called ‘drive-by’ ransomware, where users can infect their computers simply by clicking on a compromised website, often lured there by a deceptive email or pop-up window.
“Another new trend involves the ransom payment method. While some of the earlier ransomware scams involved having victims pay ‘ransom’ with pre-paid cards, victims are now increasingly asked to pay with Bitcoin, a decentralized virtual currency network that attracts criminals because of the anonymity the system offers.”
To pay or not to pay
It was a day he will never forget. “I came into the store and none of the computers were able to sign on to the server,” said the tire dealer. “So I went back to the server and logged in. There was a message on the screen that said my server had been encrypted, and to get it unlocked I needed to write to an obscure email address for more info.
“I immediately called anyone I knew in IT who would take my phone call, including my regular IT guy, who was on vacation. All of the feedback was not good. It was ‘pay what they ask for’ or ‘pull the server off-line and refresh it as new.’
“I decided on the latter. I wouldn’t pay.”
The dealer was lucky. He had only been using the new system for a short time, so he didn’t lose much information. “It was pretty mundane stuff anyway,” he said. “The data I collected wasn’t harmful. It was not like collecting social security numbers or blood types or financial information.”
What he did not do was contact law enforcement. The FBI, Central Intelligence Agency, U.S. Department of Homeland Security, Department of Justice, and the National Security Agency, among others, consider this a mistake.
“We strongly encourage you to contact a local field office of the Federal Bureau of Investigation (FBI) or U.S. Secret Service immediately upon discovery to report a ransomware event and request assistance,” says the U.S. government in an interagency technical guidance document, “How to Protect Your Networks from Ransomware” (https://www.justice.gov/criminal-ccips/file/872771/download).
“Law enforcement may be able to use legal authorities and tools that are unavailable to most organizations. Law enforcement can enlist the assistance of international law enforcement partners to locate the stolen or encrypted data or identify the perpetrator. These tools and relationships can greatly increase the odds of successfully apprehending the criminal, thereby preventing future losses.”
There are serious risks to consider before paying the ransom, according to the document.
The U.S. government does not encourage paying the ransom, but doesn’t prohibit it, either. “Whether to pay a ransom is a serious decision requiring the evaluation of all options to protect shareholders, employees and customers.”
“As with other forms of malware, security software might not detect a ransomware payload, or, especially in the case of encrypting payloads, only after encryption is under way or complete, particularly if a new version unknown to the protective software is distributed,” says Croswell. “New categories of security software, specifically deception technology, can detect ransomware. Deception technology can detect ransomware and notify cyber security teams, which can then shut down the attack and return the organization to normal operations.”
Using software or other security policies to block known payloads from launching will help to prevent infection, but will not protect against all attacks, he says. “There are several tools intended specifically to decrypt files locked by ransomware, although successful recovery may not be possible.”
To help prevent being hacked and held for ransom, Croswell suggests the following eight preventive measures:
The Department of Justice has one more step to limit a ransomware infection: “No users should be assigned administrative access unless absolutely needed, and those with a need for administrator accounts should only use them when necessary.”
The attack was a wake-up call for the dealer, who requested anonymity in case the previous hacker decided to accept the “challenge” of his new system.
“I can tell you what I did wrong,” he says. “I did not go through a thorough process to put system controls in place that would have helped prevent this from happening. I needed an action plan in place to know what to do if it happened.”
“Also, by using an in-house server, it was easier to ‘open up the doors’ for hackers to come in. When we installed it, the ports got left open on the router.
“We don’t have a server in-house anymore. We’re using one in the cloud.” And he backs up the data regularly.
“It was a horrible experience,” he said. “Could it have been avoided? I think so. But hindsight is 20-20. If hackers really want to get in, they will, but I’m not going to help them.” ■
From Russia without love: Ransomware is a global phenomenon
“While initially popular in Russia, the use of ransomware scams has grown internationally,” says Wayne Croswell, CEO and president of WECnology LLC and a frequent contributor to Modern Tire Dealer. “In June 2013, security software vendor McAfee released data showing that it had collected over 250,000 unique samples of ransomware in the first quarter of 2013, more than double the number it had obtained in the first quarter of 2012.
“Wide-ranging attacks involving encryption-based ransomware began to increase through Trojans such as CryptoLocker, which had procured an estimated $3 million before it was taken down by authorities, and CryptoWall, which was estimated by the U.S. Federal Bureau of Investigation to have accrued over $18 million by June 2015.”
Can the cloud protect you? Not completely, says WECnology CEO
Discount Tire, the largest independent tire dealer chain in North America, recently announced a multi-year, multi-million dollar cloud-based service agreement with OneView Commerce plc.
“We found that the overall savings in time and cost make cloud-based delivery of a digital store platform the most efficient and economical arrangement for achieving the operational return and improved customer experience that is at the heart of our strategy,” said Tom Williams, senior vice president for Reinalt-Thomas Corp., which does business under the trade name Discount Tire in most of the U.S., America’s Tire in parts of California, and as Discount Tire Direct online.
But does a cloud-based system protect the company against ransomware? Not completely, says Wayne Croswell, CEO and president of WECnology LLC.
“Having a cloud solution doesn’t eliminate ransomware from happening,” he says. “But when you host your application with a trusted secure company, they have the highest level of protection software which can help prevent hacks from getting in.
“But you still have computers at the desks of employees and counters, and if someone there gets a ransomware attack, it could infect the cloud instead of their in-house network.”