As ransomware “spreads like wildfire” and attacks businesses of all sizes, taking proactive steps is vital to fending off criminals mining sensitive data, according to one Missoula-based security expert.

Sherri Davidoff, CEO of LMG Security, a Missoula company that works only with businesses – not individuals – told a City Club crowd of about 90 Monday that insidious ransomware criminals hit businesses without the general public’s knowledge because companies rarely report the crimes.

“There are tons of instances in Missoula of people getting hit and nobody knows about it,” said Davidoff. “I probably shouldn’t even name the industries they’re in, but you won’t see it in the paper.” 

Industries hit locally include the medical and education fields, but ransomware is even more widespread than that locally, she said.

Entities targeted include state government, municipalities and small businesses of every kind. It can have a devastating domino effect.

“When an IT company gets hit, then their clients get hit, because the criminals are getting wise,” she said. “They’re stealing those passwords, they’re using that to infect their clients as well. Nobody is calling the paper.”

One ransomware company demands an average of over $257,000, which Davidoff said is really common now. A new strain of ransomware may demand $50,000. 

“At LMG, we are handling $100,000 and $200,000 all the time.” 

While targets tend to be larger businesses, smaller businesses are equally as vulnerable, she added. Ultimately, it’s up to each individual business to decide whether to pay the ransom or risk going out of business by reacting and safeguarding data. But by that time, automatic ransomware programs have already broken into a system and can continue to inflict further damage. 

Pacing is one tool ransomware uses, as data can be compromised slowly over time so that it’s more difficult for a company to detect. When a network’s shared files start to go blank and a connected USB unit locks up, the damage “can happen fairly quickly.” 

“If you take a thumb drive from somebody else, you should feel dirty,” Davidoff said to nervous laughter in the room. 

Ransomware also relies heavily on timing, as it can invade systems remotely, even when you’re not at your work computer. 

“Malware spreads really fast and can spread like wildfire,” she said.

What can businesses do to prevent ransomware attacks?

Sherri Davidoff, CEO of LMG Security in Missoula, discusses cybersecurity in businesses with Peggy Kuhr of City Club Missoula on Monday. (Renata Birkenbuel/Missoula Current)
Sherri Davidoff, CEO of LMG Security in Missoula, discusses cybersecurity in businesses with Peggy Kuhr of City Club Missoula on Monday. (Renata Birkenbuel/Missoula Current)

Davidoff hammered home that businesses must take four vital steps to proactively avoid cybercriminals from invading a network, then demanding thousands or sometimes hundreds of thousands of dollars to allow the victim back into its own system. 

The first step is to back up systems. 

“If you don’t test your backups, you don’t have backups,” she said. “If you don’t have backups, you might have to go try to decrypt the data – and today these are sophisticated software programs.”

Ransomware controls the decryption tool, also. Once you get into the dark web, it posts a countdown page on a web portal detailing how much time remains for a victim to pay up. 

Basically, the criminals lurk with built-in chatrooms and often give proof that they’ve researched your financials.

“Typically, when you’re hit with ransomware, they’ve been lurking in your system for some time," she said.

If you reply in a chat room that your company cannot afford, say, a $50,000 ransom to delete the bad files, Davidoff often sees the criminals reply: ‘The price is appropriate, according to your financials.’”

The chilling effect originates with what Davidoff calls Bank Trojans, a silent type of attack that often causes ransomware.

The second step is to use strong, two-factor authentication on accounts for businesses “to prove you’re you.” Not even two-factor verification via a text message from a bank is secure, she said. To strengthen passwords, she suggests going to for helpful tips.

Target’s 2013 data breach occurred after one of its suppliers, an HVAC company, was hacked; attackers then spread from its network into Target's.

Once passwords are stolen, private debit cards, taxes and other individual information are at risk. The crime increases exponentially, as the criminals can then install, rent and earn recurring revenue off stolen data.

Also, do not store passwords on a computer. Complex passwords are no longer required, but Davidoff said to use, at minimum, 14- to 16-character passwords, to continually monitor them and change them regularly. 

Password manager programs are safer, she said, because the human brain is not capable of remembering an unlimited number of different complex passwords.

A third step is to defend against phishing, in which criminals seek financial or other confidential information, typically via a deceptive email that looks legitimate. Do not click on those emails, which take the user to fake websites that can infect a computer.

Also do not click on a “Please click to enable software” box in a company’s tampered page to avoid infection.

Other guards against phishing include filtering spam in email accounts and offering training an awareness seminars on the job.

“You are a human firewall,” she said.

The fourth step is to constantly use what Davidoff calls “proactive threat hunting” within a work computer system to help prevent ransomware attack recurrences. Not waiting for the first attack is key.

One audience member at City Club worried about sending sensitive information from cellphones and Davidoff said to consider phones as a small computer that can still make a company vulnerable.

A former hacker called "Alien," Davidoff is a Massachusetts Institute of Technology graduate in computer science and electrical engineering. She has conducted cybersecurity training for the Department of Defense, the American Bar Association and FFIEC/FDIC, among others.

She is a faculty member at Pacific Coast Banking School and an instructor for Black Hat, where she teachers her data breaches course.

She is the featured protagonist in the book, "Breaking and Entering: The Extraordinary Story of a Hacker Called 'Alien.' " Her new book, "Data Breaches: Crisis and Opportunity," will be released later this month.

Well-connected and well-organized, ransomware criminals are relentless. For more information, see the Oct. 2, 2019 FBI alert about ransomware: