Ransomware is a kind of software commonly developed and used by hackers to restrain access to a computer system and/or database until a certain demand is met; mostly hackers want the payment of a sum of money. The hackers threaten the organization whose computer system they have blocked, that if they do not pay the sum of money demanded, the company’s database will be leaked online or destroyed completely.
This has become a quick way for hackers to earn money. In the past, when hackers had to waste a lot of time and resources snooping around a target site, this type of activity didn’t really pay off. This method was risky for many reasons and wasn’t much of a threat.
Today, things are much different. Hackers can easily gain access to a company’s database and then hold the information hostage until a ransom is paid. The advent of cryptocurrency makes the whole transaction seamless and untraceable. This is one of the reasons why ransomware is so big nowadays.
How Big A Threat Is Ransomware?
According to the FBI, businesses paid out $24 million in ransomware payments in 2015. By 2016, that number had reached one billion dollars. The average ransom is now approximately $1,000 but some healthcare organizations have reported paying $17,000 to regain access to their files. As long as companies continue to reward hackers by paying the ransom, this crime will continue to escalate.
Who Are The Likely Victims Of Ransomware Attack?
Most ransomware attacks start as a fishing expedition, which means that the hackers make out a list of organizations and their employees and then try to access their confidential information. Targeted organizations are those that contain sensitive personal information, such as healthcare and financial organizations. Many times, businesses think that the best course of action is to pay the ransom, rather than hire security and IT specialists to come in and restore access. Sometimes, organizations are embarrassed to admit that they’ve been a victim of this crime. They want to make it go away as quickly and painlessly as possible.
What Defense Strategies Can An Organization Put In Place Against Ransomware?
The very first step is to understand how a ransomware attack happens. Hackers send out phishing or spear phishing emails to employees of the organization in an attempt to get someone to click on a bad link. Once this happens, the ransomware virus is downloaded to the company’s network and all files are frozen. At this point, you have two choices: pay the ransom or call in security experts to unlock the files.
The first step for most companies is to lay out a security strategy to deal with viruses, worms, ransomware, and other forms of attack. Every organization should have a plan to address data breaches. The experts say that it’s not a matter of whether you get attacked; it’s just a matter of when. So the best course of action is to be ready. Below are few basic steps you can take:
Employees are the key problem when it comes to ransomware attacks and other viruses. They should be fully aware of the types of email scams that are currently going around. Employees should know what to look for and how to avoid clicking a bad link.
It’s not easy to be in a position where you have to negotiate with a ransomware attacker but every decision depends on the circumstances at hand. Whether you work with a managed IT provider or have in-house IT techs, it’s important for them to be fully engaged in keeping your data safe. However, if an attack does occur, you can greatly reduce your losses by being ready and knowing what to do.
Hackers stay up-to-date on the latest IT technology, so you must do this as well. Social media has opened the doors for hackers because it’s so prevalent these days and many users get careless. Start by finding a great team of security experts to help you get up-to-speed. Get all stakeholders in your organization involved in data security. Don’t get lax. Make sure employees are aware of the dangers online.
Absolutely amazing. Matthew came to the office and worked with the laptop I had tried to fix myself. He listened carefully to what I reported, then worked with it for over an hour. He asked if he could take it back to his office to work with it. I agreed on the basis of a two-hour billable cap. He took it back to his shop, I’m sure spent way more than two hours fixing it, and returned to me a laptop I scarcely recognized–faster, working wireless, updated Cisco VPN software–perfection. In the course of his magic, he was always available to discuss the configuration, asked all the right questions and gave the right answers. He met the deadline I imposed. The service was so impressive that I asked about future availability to deal with a small business network if help was needed. There’s a team of folks ready to help.”