Imagine your company’s most valuable assets being held hostage by wrongdoers. What would you pay to get them back? How far would you go to prevent them from being taken in the first place? Most of us can’t conceive of malicious infiltrators storming our offices and work sites, holding our employees, work products, and intellectual property hostage until we pay up. But that is exactly what is happening with alarming regularity in recent years — virtually, through the use of ransomware.
In 2016, ransomware attacks grew by 600%, costing businesses 1 billion dollars.
As the wave of worldwide attacks strengthens, businesses of all types and sizes are forced into the agonizing choice between paying criminals or sacrificing their priceless and sensitive data, their competitive edge, and the confidence of their customers and investors.
What Is Ransomware?
Ransomware is any malware hackers use to hijack your business’s data. Ransomware attackers usually refuse to cede control of your data until you pay them. It’s the digital equivalent of a kidnapping.
Here is how a modern attack might go down:
- A user at your company unwittingly clicks on a suspicious link in an email or downloads a questionable attachment.
- Almost immediately, the malware gains a toehold in the user’s system, spreads itself, and locks down important documents with encryption.
- When the user attempts to access their system or documents, the malware informs them it will decrypt the data only after receiving payment (often via Bitcoin or other hard-to-trace methods).
- The attackers may also threaten to expose your sensitive data to the world if you don’t meet their payment demands.
The Cost of Ransomware
Cybercriminals use ransomware to exploit the new digital economy. For almost every business, the data contained on our computers, servers, and mobile devices is just as valuable as any physical asset in our inventory, if not more so. Most of us will pay a premium to get it back.
In fact, in a recent study, IBM found that:
- 70 percent of executives targeted in ransomware attacks paid to resolve them.
- Half of those executives paid over $10,000 in ransom. 20 percent paid over $40,000.
Meanwhile, Symantec reports the average demand in a ransomware attack has climbed to $1,077. And a Kaspersky Security Bulletin says that 20 percent of small- and medium-sized businesses that paid their ransoms never had their files decrypted.
Is Your Company at Risk?
If you’re not taking steps to protect yourself against ransomware, your company is at risk. More than a quarter-million computer users found this out the hard way when they fell victim to this spring’s massive WannaCry attack.
High-profile WannaCry targets included the U.K.’s National Health Service, Telefónica, and FedEx. How can you avoid joining their ranks the next time a WannaCry-type attack sweeps the globe?
4 Ways to Prevent Ransomware Attacks at Your Company
When you get down to it, ransomware is just another type of malware. So preventing it involves many of the same methods you would use to keep viruses off your network and your users safe from phishing.
The rise of ransomware, however, does emphasize the need for up-to-date and accessible backups. When your company can easily recover the files compromised by it, cyberattackers lose their leverage.
Here are four tips for preventing ransomware attacks at your company:
1. Train Your Users
Proper employee training can guard against a whole host of cybersecurity threats. Ransomware won’t get into your network if nobody inadvertently invites it in.
Teach your users to be cautious when clicking on links in emails and downloading attachments. Instruct them to be suspicious when receiving emails from people they don’t know and to look closely at the addresses and names of the people they do.
Many outside IT providers can help you devise a plan for educating your employees about online risks.
2. Keep Your Virus Protection Up to Date
Because ransomware is lucrative, hackers are continually “improving” their malware to evade security measures and exploit new software bugs. Your company’s antivirus tools need to stay at least one step ahead of the bad guys.
A good managed IT security provider will make sure the antivirus software installed on all your company’s systems is always the latest and greatest. They will update the software remotely, so you and your users don’t have to worry about it.
3. Upgrade Your Firewall
To function properly, ransomware needs to communicate with a central server where the encryption key is generated. A good firewall, configured correctly by IT experts, should be able to detect and shut down this communication, thereby rendering the ransomware useless.
4. Backup, Backup, Backup
Your best line of defense against ransomware is a reliable backup strategy using state-of-the-art backup tools. Keep in mind: Ransomware can worm its way throughout your network, including onto your backup servers. It’s important to maintain backups in locations ransomware can neither find nor infect.
The FBI suggests:
“Ensure backups are not connected permanently to the computers and networks they are backing up. Examples are securing backups in the cloud or physically storing backups offline. Some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real time, also known as persistent synchronization. Backups are critical in ransomware recovery and response; if you are infected, a backup may be the best way to recover your critical data.”
You should check your backups regularly for integrity and to make sure the restoration process works, the FBI says.
Software like Acronis Backup has ransomware protection and detection built into it. In addition, managed backup providers will keep your valuable company data safely out of the hands of cybercriminals, ready for you to access whenever you need it.
For example, here at Computero, our cloud backup services include:
- The ability to back up data from any system (help desk, CRM, HR, financial/accounting, shared drives, SharePoint, and so on).
- Regular backups at convenient times.
- Secure data encryption.
- Your data, available anytime from anywhere.