By now most of you have heard about Ransomware but hopefully have not (yet) had to deal with its’ effects. A simple Google search of “ransomware” returns just over 9 million results. So, too, does a search for “Three Mile Island,” the location of the late-70’s Pennsylvania nuclear meltdown. And while we don’t mean to equate the near catastrophe of the latter to having your company’s data hijacked by computer hackers, ransomware can in many cases end in disaster for your business.
Just in case you are unfamiliar with Ransomware (what rock are you living under?), here is how Wikipedia defines it: “a type of malicious software designed to block access to a computer system until a sum of money is paid.”
Let there be no mistake, Ransomware is the most insidious, ugly, mean, dirty, business killing piece of malware I have ever come across. The way in which these nefarious operators commandeer your information and deny you access usually involves some fairly sophisticated stuff. The ransomware they install on your system “locks up” your data with encryption keys such that it cannot be used unless you forfeit some money (typically $300 – $500 in BitCoins) to have the data unencrypted.
Spam is the most common method for distributing ransomware. It is generally spread using some form of social engineering; victims are tricked into downloading an e-mail attachment or clicking a link. Fake email messages might appear to be a note from a friend or colleague asking a user to check out an attached file, for example. Or, email might come from a trusted institution (such as a bank) asking you to perform a routine task. Sometimes, ransomware uses scare tactics such as claiming that the computer has been used for illegal activities to coerce victims. Once the user takes action, the malware installs itself on the system and begins encrypting files. It can happen in the blink of an eye with a single click.
Cyber criminals armed with ransomware are formidable adversaries. While small-to-mid-sized businesses aren’t specifically targeted in ransomware campaigns, they may be more likely to suffer an attack. Frequently, small business IT teams are stretched thin and, in some cases, rely on outdated technology due to budgetary constraints. This is the perfect storm for ransomware vulnerability. Security software is essential, however, you can’t rely on it alone. A proper ransomware protection strategy requires a three-pronged approach, comprising of education, security and backup.
The fact is, there are shady, technologically savvy characters out there who are willing to do us harm. Never underestimate the dedication or expertise of today’s hackers. They are constantly adapting and improving their weapon of choice. Keeping them at bay takes vigilance.
If you would like more information on ransomware please don’t hesitate to send me an email asking for your copy of our BUSINESS GUIDE TO RANSOMWARE.
Bob Milliken is the TheITguy@CascadiaSystemsGroup.com specializing in helping businesses with their IT needs and keeping CyberCriminals.at bay