The word “ransom” conjures up all kinds of memories from one of Hollywood’s most popular tropes - a dramatic character triangle between between a frantic loved one, a scheming kidnapper, and an innocent victim. There’s usually a suitcase of money too, and a hero along the way, who makes the drop and secures the child.
In most plot lines, everything usually works out - the victim is returned, the kidnapper is caught, and no money is lost, making the whole conflict seem almost cool.
But what might seem cool about a movie ransom is not so cool with real life ransomware where the innocent victim is you, or more terrifying - your business. Priceless family photos, personal information, and business data alike, nothing is off limits.
Just What Is Ransomware?
Ransomware is a type of malware that, as its name implies, takes a system hostage, encrypting its data until the attacker is paid (usually in hard-to-trace bitcoin currency) and releases a decryption key to unlock the data. IF you receive the decryption key – research varies, but between 20% and 47% of paid ransoms don't get their data back. The majority of ransomware attacks come from the links and attachments within unsolicited email messages, accounting for 59% of all infections according to Osterman Research.
According to a recent IBM Security survey, the range of ransom money typically demanded of individuals could be anywhere from $200 to $10,000 – the average ransom is about $1,000.
Like a good horror movie - where the main character is always making bad choices, the tragedy is that, like their inevitable, untimely death, a ransomware attack too could have been prevented.
Whether businesses don’t have security high on their list of priorities, are using old systems because its too costly to update, or that they think it just won’t happen to them, ransomware is real, and on the rise.
So far, financial and healthcare seem to be the most commonly targeted industries, likely because of their critical and time sensitive records, but that doesn’t mean other industries aren’t falling prey.
In May, the global Wanna Cry ransomware attack, affected more than 150 countries and major organizations, including FedEx, Renault, and Britain’s National Health Service.
Whew, those are big companies. I'm safe.
Research shows 63% of small businesses report having been attacked in 2015. And the rate of counterattacks on small businesses is increasing. Why?
Simple. If you're a thief, would you rather break into Fort Knox or the house on the corner that leaves it's doors unlocked? The average ransom is small because hackers have turned their sights on easier targets.
Although attacks have mainly targeted Windows computers and Android mobile devices, Apple computers fell prey in 2016, and i Phones will likely be next, experts say.
The worst part is that many are perpetuating the practice of ransomware by paying ransoms because they cannot afford the downtime or the thought of losing their files.
Unlike the girl or guy in the horror movie, be smart - prepare and prevent. An organization’s best defense against an attack is to start with an online back-up service that includes real-time(not just once a day) and redundant backups, along with:
- Vigilant monitoring of your network and IT infrastructure
- Don’t ignore security and software updates
- Teach employees to handle email with care - every message, link, and attachment - especially from unsolicited senders
- Encourage responsible Web browsing and warn users about “advertising” - online ads that criminals have covertly embedded with ransomware
- Have a plan in place if an attack were to happen (how would your business function on paper?)