“Your computer has been compromised. To unlock it, you must pay $1,000 within 24 hours. If you do not send the money within the allotted time, all of your files will be encrypted – permanently”.
Every day, thousands of people receive messages just like this, threatening to cause massive disruption to websites and businesses. This is the reality of ransomware. And it’s on the rise.
A recent report found that ransomware was responsible for 39% of malware-connected breaches in 2017 – double the figure from 2016.
So, what is ransomware? How does it work? And why is it so devastating for businesses?
The A – Z of a ransomware attack
Firstly, it’s important to note that there are two types of ransomware. One type encrypts files on an individual computer or network. The other freezes a user’s screen.
Victims must pay a ransom in both scenarios, usually in a cryptocurrency, in exchange for an unlock code, or key. If a user fails to pay, a hacker will prevent access.
Often, hackers infect a computer or network with ransomware through phishing. In fact, email is now the primary access point for malware, with 96% of attacks passing through user inboxes.
Ransomware can also infect a network via a malicious website, taking advantage of security vulnerabilities.
Once in, the ransomware virus begins to encrypt files and relocate them to third-party encrypted folders. Only the hacker can access these folders. And until you pay up, your data stays with them.
Who’s at risk from a ransomware attack?
Ransomware attacks can devastate businesses. Datto’s 2016 ransomware report found that in that year alone, small businesses in the U.S. lost $75 million in downtime on the back of ransomware attacks.
On top of this, 48% lost critical data. That’s information that allows these businesses to operate – and make money.
Often, attackers demand nominal ransoms. It’s about quantity, not quality. Hackers know that small to medium-sized businesses can afford to pay small ransoms. They also have less to spend on security. This makes them prime targets.
When you realize your security measures don’t cut it
So, what happens if you are infected? In this situation there is very little you can do aside from employing security professionals to try and retrieve your data.
All experts advise against handing over a ransom. The advice is simple. Never pay. Never negotiate.
Many believe that giving in to the demands of the hackers fuels the practice. What’s more, there’s no guarantee that a hacker will release your site after they’ve been paid. They could demand more.
How to guard against an attack
Ransomware is constantly evolving. Recently, hackers released a malware program that encrypted data, stole passwords and sent them to a remote hacker.
Undoubtedly, those passwords will end up for sale on the Dark Web to be used in third-party hacks.
But thankfully, there are plenty of measures you can put in place to avoid a ransomware attack altogether, no matter how advanced it might be.
1. Tighten your security protocols
You’re never going to be 100% secure, but patching vulnerabilities in your security software is one way of mitigating risk. Leaving those vulnerabilities in place is like opening the door to attackers.
It’s also good practice to limit software installation permissions and filter outgoing web traffic. Configure your email client to reveal hidden file extensions and block .exe files too.
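One way to apply the advice above on hidden file extensions and .exe attachments at the mail-filtering stage, shown as an added example that is not part of the original article. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed starting lists for this example; extend them to match your own policy.
BLOCKED_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def check_attachment(filename, payload):
    """Return the reasons an attachment should be blocked (empty list = allow)."""
    reasons = []
    parts = (filename or "").strip().lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in BLOCKED_EXT:
        reasons.append("executable extension " + ext)
        # "invoice.pdf.exe" displays as "invoice.pdf" when extensions are hidden.
        if len(parts) > 2 and "." + parts[-2] in DECOY_EXT:
            reasons.append("double extension hides " + ext)
    # Windows executables begin with the bytes "MZ" whatever the file is named.
    if payload[:2] == b"MZ":
        reasons.append("content is a Windows executable (MZ header)")
    return reasons


def scan_message(raw):
    """Map each flagged attachment filename in a raw message to its reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    flagged = {}
    for part in msg.walk():
        name = part.get_filename()
        if name is None:
            continue  # body text and multipart containers carry no filename
        reasons = check_attachment(name, part.get_payload(decode=True) or b"")
        if reasons:
            flagged[name] = reasons
    return flagged


def build_sample():
    """Constructed sample message with three attachments; not real mail."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.com", "staff@example.com"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see attached.")
    for data, sub, name in [(b"MZ\x90\x00constructed", "octet-stream", "invoice.pdf.exe"),
                            (b"MZ\x90\x00constructed", "pdf", "statement.pdf"),
                            (b"%PDF-1.4 constructed", "pdf", "report.pdf")]:
        msg.add_attachment(data, maintype="application", subtype=sub, filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample()))
```

Checking the first bytes of the content as well as the name catches an executable that has simply been renamed, which an extension-only block would let through.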
2. Make sure your staff are in the know
As with all cybersecurity threats, understanding is everything. Secure your business by training your staff.
With so many ransomware attacks stemming from malicious email attachments, it’s vital that your team can spot a suspect message.
A well-trained member of staff is the first line of defense against a ransomware attack.
3. Access all areas? Absolutely not
Don’t let ransomware go viral and affect every corner of your business. You can limit the damage by only allowing team members access to the areas of your website they need.
Limiting access means that even if an attack is successful, it will only disrupt a small sector. And it won’t disable your business entirely.
Administrators should also be vigilant about web browsing while logged onto your company’s network.
4. Backup, backup, backup
Back up your data once. And then do it again.
The worst-case scenario for your business is that ALL your files fall into the hands of hackers. If that happens and you don’t have a backup, you have no choice but to meet their demands.
Keep your backups in a separate space away from your network.