In case you didn’t know, ransomware is on the rise.
Back in 2013, ransomware — a type of malware that locks access to a computer system or associated data until a ransom is paid to the attacker — was only the 24th most common type of malware, but according to the most recent Data Breach Investigations Report (DBIR) from Verizon, it is now the fifth most common. And over the course of this past year, many ransomware attacks have shifted from targeting individual users to focusing on organization-wide assaults.
Just this past week, operations at 76 international ports spread across Asia, Europe, and South America were disrupted due to a ransomware attack, which demanded $300 in bitcoins to unlock encrypted systems.
The frequency of cyberattacks is only going to increase, and your business needs to be prepared.
While the incident is still under investigation, experts believe that the software was distributed by hijacking the update process for a popular tax application in Ukraine and by hacking a local news site to deliver the malicious code to unwitting visitors.
The ransomware, dubbed GoldenEye, then spread to the country’s electrical grid, logistics infrastructure, and government offices. Even the Chernobyl nuclear disaster site was affected, as workers were forced to monitor radiation levels manually due to key systems being offline.
If this story seems familiar, it might be because a little over a month earlier, back in May, 200,000 computers across 150 countries were held hostage by the WannaCry ransomware strain, which also demanded a $300 payment to unlock encrypted user data files.
How Can You Keep Your Business Safe from Ransomware?
Stay up to date
It may be cliché at this point, but that makes it no less true: keeping software, including operating systems, up to date is critical for any cybersecurity program. Security vulnerabilities are constantly being identified and addressed with new code, and if the systems in your business are running outdated software, you’re asking for trouble.
It was these legacy platforms, in fact, that allowed the WannaCry strain to spread so quickly. And to deal with the crisis, Microsoft was forced to release security patches for a number of Windows platforms that it had stopped supporting.
Address the human element
Much like biological viruses, ransomware strains often rely on human activity to spread. And according to the Verizon DBIR mentioned earlier, crimeware (the group of malware that includes ransomware) is transmitted by email in 80 percent of cases, with phishing and other social engineering schemes involved in 21 percent of incidents.
By implementing effective email monitoring and web security tools, your business will be able to avoid the majority of these attacks. But employee negligence or ignorance coupled with a well-phrased phishing email can quickly undo these efforts.
Supplement your technology with regular data security training for all of your staff. When your employees — including key executives who are often the target of social engineering schemes — are aware of their individual responsibility in protecting your business, they are less likely to click on suspicious links or open malicious attachments.
Ransomware attacks specifically target your records, making commonly used files inaccessible until you pay up. But by backing up your data — at least the most critical information — your business can weather a ransomware attack without too great a disruption to your day-to-day business activities.
Consider supplementing your network storage environment with redundant systems that offer version control for stored files, which would allow your business to recover the earlier, unencrypted versions. Or deploy a tape backup solution that stores files independently.
When your important records are stored in more than one location, every site and server will need to be infected for the ransomware to succeed.
The Next Step
Unfortunately, ransomware appears to be a lucrative scheme for ne’er-do-wells the world over, so it won’t be going anywhere anytime soon. And with businesses increasingly being the focus of these attacks, your company needs to be prepared.
To help build a security conscious culture at your business, request a demo of our security awareness courses.