Cybersecurity Ventures predicts that by 2019 a business will be hit by ransomware every 14 seconds globally. This troublesome type of malware is expected to spread following its ‘success’ this year and make up a larger share of total cybercrime by 2021.
Ransomware is now being offered as a service, with some sellers purportedly making over $100,000 per year. It’s an efficient model that reduces barriers to entry and start-up costs for online criminals looking to get a piece of the action. The Ransomware Economy Report by Carbon Black revealed that from 2016 to 2017 the ransomware market grew by 2,502%, from $249,287 to $6,237,248.
Even if you believe your business has nothing worth stealing, you still need to ensure you have adequate protection. Attackers might not be after your data at all, but instead looking to extract a ransom fee to have what data you do store returned.
The impact on businesses is reflected in the Official 2017 Ransomware Report. Whilst the overall number of people giving in and paying the ransom is falling, the total cost to businesses is still rising. The estimated figure of $11.5 billion takes into account damage/destruction of data, downtime, lost productivity, post-attack disruption, forensic investigation, restoration and deletion of hostage data and systems.
Here are some quick and simple tips on keeping yourself safe from ransomware:
Keep your files backed up: The best protection from ransomware is to keep an up-to-date, clean backup of all of your files. The backup needs to be kept externally from your network and not connected to the internet. This way, if you do find yourself a victim, you’ll be able to get back on your feet quickly, without a massive loss of data.
Be vigilant with your emails: According to KnowBe4, 91% of cyberattacks (including ransomware) begin with a spear phishing email. Unfortunately, phishing emails aren’t a problem you can stop by throwing money at them. You need to create a culture of awareness among your employees. Utilise training, show them examples and make sure everybody knows what to look for and what not to do. For more information on how to identify phishing emails, take a look at our blog post.
Use antivirus software and keep it updated: Antivirus programs can scan files and identify whether or not they contain ransomware before they are downloaded. Keeping your software updated will ensure that your antivirus is able to detect and stop all of the latest malware/ransomware additions.
DO NOT pay the ransom: As mentioned previously in this article, paying the ransom is on the decline, but people do still pay. Paying the fee encourages the criminals to continue their attacks and it does not always mean you will get your files back.
Whilst the widespread ransomware attacks earlier this year weren’t ideal for anyone, at the very least they served to highlight ransomware’s ability to spread rapidly and render vulnerable businesses almost useless. Be sure to keep this in mind when you’re considering your cybersecurity options: spending a bit more money on protection will save you money in the long run.
CIOs, CISOs (Chief Information Security Officers), and IT security teams need to heighten their awareness and response plans around the ransomware threat. Cyber defense needs to cross boundaries so that every IT worker understands exactly what ransomware is, how it infects organizations, and how to combat it.
“Ransomware is a game changer in the world of cybercrime,” says Marc Goodman, author of the New York Times best-selling book Future Crimes, founder of the Future Crimes Institute and the Chair for Policy, Law and Ethics at Silicon Valley’s Singularity University. “It allows criminals to fully automate their attacks. Automation of crime is driving exponential growth in both the pain felt by businesses and individuals around the world, as well as in the profits of international organized crime syndicates.”
“Ransomware uses social engineering as its main infection vector,” says KnowBe4’s Sjouwerman.