This is the archive of CPA Now blogs posted on the PICPA website through April 30, 2025. Want more recent blogs?

Read current blogs

By John J. Jablonski, JD

When a criminal gains access to a computer system, encrypts all the electronic files, makes them unusable, and then demands payment – usually in Bitcoin – to unlock the files, that criminal likely used ransomware on your system. According to the digital security company Symantec, the average ransomware demand in 2016 was $673. Demands are usually higher for attacks against small professional practices like doctor’s office and accountants. Criminals want to make money, but not ask for so much that the victim is unwilling to pay.

If paid, some criminals actually honor the bargain and unlock the files. Some even provide a hotline and “customer service” to help restore the computer system. Other criminals never unlock the files, even if paid. The FBI discourages payment, and your insurance may not cover a ransomware payment. Some victims refuse to pay out of principle, but when files are locked and work stops, the pressure really mounts to pay the ransom.

To avoid getting held hostage by ransomware, follow these tips.

1. Do you pay? Determine whether or not you intend to pay, how you intend to pay, and under what circumstances you might pay before you experience an attack.
2. Haggle. My mom asks for discounts wherever we go. Her adage: “If you don’t ask, you don’t get.” The same is true for ransomware. Criminals can be flexible when faced with the prospect of making no money from you. Demands can be negotiated. Consider your strategy ahead of time, including your price point (usually the cost of remediating your computer system).
3. Beware of other attacks. Ransomware can be a smokescreen for other attacks. Accountants store personal information about their clients that can be used for identity theft or filing fraudulent tax returns. A ransomware attack could be covering a criminal’s tracks or acting as a diversion for a coming attack. Even when demands are met, forensics should be called to investigate whether other data was accessed. You may have a duty to give notice to your customers if their personal information was accessed during a ransomware attack.
4. Proper backups. Detailed backups of your system can be a lifeline, allowing a full restore if there is a ransomware attack. Backups, however, need to be comprehensive and protected from access. Smart criminals will work hard to encrypt everything actively connected to your computer system – including your backup system. Work with a knowledgeable backup vendor to set up your backup system to avoid malware.
5. Plan ahead. Developing an incident response plan to deal with ransomware attacks is key. As with any crisis, having a plan in place will reduce panic, quicken response time, and hopefully help you avoid being held hostage by a ransomware attack.

John J. Jablonski, JD, is a partner with Goldberg Segalla LLP, where he is an authority in the areas of technology, privacy, and data security. He can be reached at jjablonski@goldbergsegalla.com.

John Jablonski will be one of the presenters at PICPA’s Data Privacy and Security for Professional Service Organizations program on May 24, 2017.
​