Ransomware is malware that infects computers (as well as mobile devices) and restricts users' access to their files; the attacker usually threatens permanent data destruction unless a ransom is paid. Users are given instructions for how to pay the ransom in return for the decryption key to get back their data. The ransom can range from a few hundred to thousands of dollars, payable to the cybercriminals via cryptocurrency such as Bitcoin. Ransomware attacks have grown to epidemic proportions globally and are notorious as the “go-to method of attack” for cybercriminals.
The number of emails infected with ransomware went up by 6,000% from 2016 to 2017, according to a review by IBM Security. Global ransomware damage costs were predicted to reach $5 billion in 2017, up from $325 million in 2015 (Ransomware Damage Report, Cybersecurity Ventures). Intermedia reported that, during the past year, about 48% of IT consultants have seen an increase in ransomware-related support inquiries from customers across 22 different industries. With this sudden increase in the frequency of attacks and such huge damage costs, enterprises around the world are wondering if they are vulnerable to this threat.
Is your business at risk?
Although some industries seem to be bigger targets than others, data suggests that no sector is completely immune to ransomware attacks. More than 20% of organizations in the Education, IT/Telecoms, Entertainment/Media, and Financial Services sectors have been victims of ransomware attacks. Just as no industry sector is immune, organizations of all sizes — from large enterprises to SMBs — are seeing attacks come their way. Among all the companies that experienced ransomware attacks in 2017, 7 out of 10 fell victim to at least one that bypassed their security and successfully encrypted their files.
Ransomware usually targets systems that run a vulnerable operating system. Further, the lack of a backup and disaster recovery system and outdated antivirus software are critical issues that increase vulnerability.
Here are some simple tips to protect your business from such attacks:
- Ensure that your operating system is patched and up-to-date, so that there are fewer vulnerabilities that can be exploited.
- Don't install unverified software or give administrative privileges to software unless you are sure about what it is and what it does.
- Install antivirus software, which detects malicious programs such as ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing.
- Finally, back up your files, frequently and automatically! Although this won't directly stop a malware attack, it can reduce the impact of damage caused by one.