What you need to know about Ransomware
The latest cyber threat costing businesses money through extortion is ransomware. Ransomware is a form of malicious software, or malware, that blocks a user from their computer system and/or data until a ransom is paid. Ransomware was predicted and confirmed to be the number one cybersecurity threat due to its high profitability. According to the 2019 Cybercrime Tactics and Techniques: Ransomware Retrospective report by anti-malware organization Malwarebytes, ransomware directed at businesses increased 365 percent from 2018 to 2019.
Ransomware is delivered via phishing emails or unknowingly visiting an infected website. U.S. companies have taken the brunt of ransomware attacks across the world, with organizations out of Texas, California and New York being the hardest hit. Any organization is at risk of being a victim of this prevalent threat, with industries like education, healthcare and government entities, such as cities and municipalities, being targeted the most.
While there are many forms of ransomware in circulation, there are two main types of ransomware. Both forms are equally costly and dangerous.
- Crypto Ransomware: Fraudsters encrypt files on an organization’s network which blocks users from accessing them. Fraudsters will only reverse this encryption after their payment demands are met.
- Locker Ransomware: Fraudsters lock down devices and prevent users from accessing them until their extortion is paid.
How can you protect your business from this risk? Here are some strategies below that may help your business thwart this attack.
- Install new security patches as soon as your operating system and internet browser developers make them available.
- Never click on links or open attachments from unsolicited emails.
- Consider purchasing cyber insurance.
- Implement spam filtering to block emails that may contain malicious URLs.
- Use an email testing environment to automate the scanning of attachments and URLs before delivering them to your organization’s email network.
- Maintain a proactive retainer for an incident investigation service. If needed, this service can help you determine the source and scope of the breach, collect and analyze evidence and outline remediation steps. Ensure the incident investigation service is approved by your cyber insurance provider.
Here are a few points to consider if your organization becomes a victim of a ransomware attack:
- Contact law enforcement. Ransomware attacks and extortion are crimes and should be reported as such. Any information provided could help the FBI apprehend the criminals responsible for the attack.
- Quarantine any infected devices and remove the threat. This could prevent the threat from spreading through your network. Watch your other devices for any signs that the malware has spread.
- Restore your organization’s data affected by the ransomware attack. Ensure you do regular backups of your data and keep it stored on a separate device that is not connected to the internet.
- Contract with an external law firm that specializes in data protection and corporate cyber security breaches. They can advise you on federal and state laws.
The tips above are not comprehensive for what your business should do to protect itself from ransomware, or for steps to take if you become a victim. Keep cyber security top of mind and educate your employees. As fraud threats change quickly, it’s important to stay on top of trends to ensure you’re doing all the right things to protect your business and your customers.