Ransomware is the term for malicious software that locks data and holds it for ransom until someone pays the attacker to unlock it.
The number and amount of ransomware payments have skyrocketed… and therefore the number of attacks is increasing. In fact, one security research firm found the risk-benefit of ransomware is tremendously better than that of cocaine trafficking… before law enforcement and government crackdowns.
From the Colonial Pipeline attack that caused gas shortages to disruptions in sectors as varied as shipping and the food supply… everyone can be impacted by the effects of ransomware. It’s not just big businesses being attacked. Small and medium-sized businesses like law firms are a target because of their ability to pay the ransom. Schools, local governments and hospitals are also among the most targeted because of the criticality of their services.
So how do you or your business avoid becoming a victim of ransomware?
The most common way ransomware is delivered is through phishing emails. Attackers try to trick the recipient into clicking on a link or an attachment that executes the malicious software. Often it’s a bill or invoice you weren’t expecting, and they hope you’ll immediately click on the link or attachment out of fear you’re being charged for something you didn’t order.
Another way they can deliver ransomware is by hiding the software on a USB device, whether that's a thumb drive someone finds and plugs in because they're curious to see what is on it, or even a cell phone charger. As soon as you plug in the malicious USB device, the software is downloaded and your files are encrypted. Once the data is locked, no one can view it without the key. So the hacker demands payment in exchange for the key to unlock the data.
Even if the person or company has a backup of the information, cybercriminals usually also threaten to release the data publicly if the ransom – or extortion money in this case – isn’t paid. However, regularly backing up your systems is still a critical step in protecting yourself or your company from a ransomware attack.
Another thing you can do is keep your systems up to date by patching security vulnerabilities and updating your email, antivirus and anti-phishing software. Those updates usually include changes that protect your system from the latest threats. Companies are a big target for cyberattacks, since they have deeper pockets than individuals. Some of the most newsworthy ransomware attacks have resulted in multimillion-dollar payouts to cybercriminals. There's no guarantee attackers will unlock the data, or refrain from releasing it, once the ransom is paid, which is why the U.S. Government discourages companies from paying ransoms. They also know that paying ransoms will only encourage more attacks.
Research shows that more than half of all small and medium-sized businesses have already been hit with a cyberattack… and for those that haven't been hit, experts say that it's probably just a matter of time. For many small businesses, cyberattacks have dealt a fatal blow. Due to the time and money involved in dealing with a cyberattack, it's estimated that as many as 60% of small businesses attacked aren't able to recover from it.
So another option for businesses to protect themselves is to buy cyber insurance. Some insurers provide proactive education and tools to help avoid ransomware, and most provide coverage that will pay the ransom, as well as cover costs related to data restoration or recreation.
Ransomware is among the greatest cyber threats facing both individuals and businesses today. So be prepared by having your data backed up, installing patches and updates regularly, being cautious about what you plug into your machine, avoiding phishing emails, and potentially buying cyber insurance.