Imagine this: you wake up one morning, get your cup of coffee and sit down at the laptop. Like any morning, you open Cincinnati.com to read the front page of the Enquirer, you check your fantasy football lineup, you see what is happening on Facebook. Your friend Mark posted a link to something that apparently has him “ROTFL,” so you click the link and visit the site. But unbeknownst to you, the moment you visited the site, your computer was downloading malware in the background. Later that day you go back to the laptop and open it to find a message alerting you that all of your files have been locked and if you want them back, you will need to send $300.00 via wire transfer to the account listed. You have just fallen victim to a ransomware attack, and it is as easy as opening a link on Facebook.
Businesses Now the Hot Ransomware Target
Ransomware is a multibillion-dollar a year business, and unlike previous versions of malware, this version actually generates profit for the attacker. Attacks can occur on the individual level – such as the example in the beginning of this post – but often will target businesses both small and large. Businesses are particularly vulnerable to these attacks because the data they store is so valuable to keeping their venture afloat that they are generally willing to pay the ransom no matter the cost. The AppRiver Cyberthreat Index for Business Survey says 55% of small businesses are willing to pay in the event of a ransomware attack, and that figure jumps all the way to 74% for larger businesses. We tend to hear about attacks on large entities on the news – such as recent attacks on the city of Albany or on Arizona Beverages – but there are countless other attacks on smaller entities wherein the vic`tim quietly pays the ransom and regains access to their files.
Common Types of Ransomware
There are many variations to ransomware attacks. Some ransomware, like the example above, will simply lock the user out of their operating system until they pay the requested price. But other more sophisticated ransomware attacks will not only lock the user out of their system, but will also encrypt all of their files. This famously occurred between September 2013 and May 2014 with the Cryptolocker ransomware attack that targeted computers using Microsoft Windows. Cryptolocker propogated via infected email attachments. When these attachments were opened, they encrypted specific types of files on the user’s drive before presenting the message that their files had been compromised and will only be restored at a price.
Protecting against Ransomware
So how do you stay protected from these attacks? The first and most basic step to take is to make sure all of your security software is up to date. For businesses, this means budgeting for IT support services to be performed in-office on a monthly basis, or even allowing an IT firm to remotely monitor your systems. On an individual level, make sure you are running the most up-to-date version of all of your operating systems. Hackers are known to look for older systems, as they are easier to compromise, and will often pass over updated systems in search of older ones. Another simple way to stay protected is to sign up for an online backup service. This will come at an annual cost, but will be the greatest protection for a business against a ransomware attack. With an online backup service, when your business is hit by an attack you can wipe your existing data and restore it from the cloud.
But the most important way to stay safe from these attacks, and one that is often overlooked in favor of IT solutions, is simply staying educated on the ways in which these attackers can compromise your files. Most people know not to open email attachments from suspicious or unknown senders, but it is worth reiterating. Like the Cryptolocker example mentioned above, this is a very common and easy way for ransomware to infect your systems. Another thing to be cautious of is visiting social media sites on work computers. Social media – particularly Facebook – is cited by many industry experts as a security risk in the workplace. The reason for this is social media platforms give ransomware attackers a very large number of potential victims in one place. In the example at the start of the blog, the unsuspecting victim opens a link posted by their friend Mark that turns out to be a ransomware attack. The fact is that link was most likely not posted by Mark himself, but rather it was posted by the attacker after hacking Mark’s Facebook page. Social media not only gives an attacker a large pool of potential targets but it provides the added advantage of planting the attack under the guise of something posted by a trusted friend, making the victim much more likely to take the bait.
As data has become increasingly the most valuable commodity for businesses across the board, ransomware attacks have grown in lock-step to become more prevalent and more sophisticated. Taking the most basic steps towards educating employees on how to be vigilant against these attacks is paramount in stopping their growth.