Ransomware payments for 2017 are expected to exceed 2 billion dollars, according to the FBI, compared to just $24 million paid in 2015, and 2018 is expected to be even worse. Big and medium-sized companies are more attractive extortion victims because they can pay a bigger ransom. However, an IBM report says small businesses also need to know about ransomware: they are at risk too, because their employees often lack training in workplace IT security. The study found that only 30 percent of the 200 small businesses surveyed offer security training to their employees, compared to 58 percent of larger companies.
Ransomware is a family of malware that blocks access to a PC, server or mobile device, or encrypts all the data stored on that machine. It is typically delivered via malicious email or infected third-party websites. To regain access to or control of the data, the victim must pay a ransom, typically in bitcoin. The encryption cannot be broken, and simply removing the malware will not solve the problem: the victim is forced to pay for the unique key that will unlock everything. Malwarebytes reports that 60 percent of all malware observed last year was ransomware.
A high-profile law practice in Boston was recently hit by ransomware that encrypted all of its client data after a junior associate opened an attachment that appeared to come from a vendor. Because the practice did not have a real backup plan in place (it had only a local backup and an inexpensive, unencrypted cloud backup "solution"), it had no choice but to pay the $62,000 ransom in bitcoin to retrieve its own data. The practice has been targeted numerous times by ransomware attacks, but decided to go public with this information as a warning to other small businesses, which also need to know about ransomware and why secure backup solutions are so important.
The St. Louis public library system was also attacked last year by ransomware that took down circulation and public access computers at all 16 of its library branches, according to the St. Louis Post-Dispatch. The hackers demanded a $35,000 ransom to free up the 700+ computers. The library was able to refuse to pay because it understood the importance of backups and already had a robust backup and recovery system, which allowed library IT staff to fully wipe the affected servers and then restore them.
Ransomware is a growing threat to businesses of all sizes. A 2016 IBM survey of 600 businesses shows that nearly half of the executives surveyed said their company had experienced a ransomware attack and 70 percent of the businesses infected with ransomware had paid a ransom. Ransom was more than $10,000 for half of those businesses that paid.
How do you protect yourself from ransomware?
- Don’t open attachments from an unknown sender. IBM found that nearly 40 percent of all spam emails sent in 2016 contained ransomware. Be particularly careful with zip files and images that you did not download. If you see a new image or graphic file on your computer that you don’t recall downloading, do not open it. The Locky ransomware now exploits Facebook and LinkedIn vulnerabilities and can place files, typically in the form of images, from social media sites onto your computer, according to Ars Technica.
- Make sure your saved data is being backed up daily. Ask your IT team to confirm that the location where you save your data is backed up, so there is no uncertainty about whether your data is safe.
- Don’t assume your desktop or laptop is being backed up. If you have not been told by your IT team that your desktop or laptop, specifically, is backed up, assume it is not and do not save irreplaceable data there.
- Reassess your data backup and restoration process. Ask your IT team how far back backups go, and test the process: create a test file, allow it to be backed up, and then delete it. Wait a week or two and ask for it to be restored. This should clarify the scope and retention of the backup in place and let you review the process for requesting that a file be restored.
- Update, patch and purge. You should be set to receive automatic security updates and patches for all software (operating systems, apps and security software) on all devices. Delete any applications that you rarely or never use.
- Disable those macros. IBM reports that document macros are now a common way to deliver ransomware, so macros for email and documents should be disabled by default.
- Don’t pick up or use USB drives from an unknown source. Hackers are now using USB drives to spread ransomware, so don’t use drives you find, borrow, or receive as free giveaways at conferences, because you don’t know whether they are infected. If an infected USB drive is plugged into a computer, it will install malicious code onto that computer, infecting it and any device on an unprotected network.
- Contact the FBI if you are affected. If you are affected by ransomware, file a report via the FBI’s Internet Crime Complaint Center. The FBI also has tips for protecting yourself and your organization.
- Provide security training to your employees. The greatest threats to our data security can come through email, and spoof emails and phishing scams are getting harder to detect, especially when they carry the logo of your local bank or another trusted company. According to the 2014 McAfee Labs Threats Report, 80% of business users failed to spot a malicious email. Understanding how to recognize and handle these types of threats, and sharing this information within your organization, could help mitigate the risk of a data breach. We provide some tips you can share with your employees in our blog post, How Cyberattacks Hurt Your Business.
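The restore test described above (create a file, let it be backed up, delete it, ask for it back) is more convincing when the restored copy is checked against a recorded hash rather than by eye. The script below is an added example written for this article, not a tool from the original post or from any vendor; the manifest path and the function names are illustrative, and it assumes `sha256sum` or `shasum` is installed.

```shell
#!/bin/sh
# Backup restore test helper (added example, not from the original article).
# Records a SHA-256 digest of a canary file when it is created, so that the
# copy your IT team restores weeks later can be verified byte-for-byte.
# Assumes sha256sum (coreutils) or shasum is available; MANIFEST path is illustrative.

MANIFEST="${MANIFEST:-$HOME/backup-canary.manifest}"

# Print the SHA-256 hex digest of file $1.
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Create a canary file at $1 containing a creation timestamp and append
# "<sha256>  <path>" to the manifest. Prints the digest.
record_test_file() {
    printf 'backup canary created %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" > "$1"
    hash=$(digest "$1")
    printf '%s  %s\n' "$hash" "$1" >> "$MANIFEST"
    echo "$hash"
}

# Compare the restored copy at $2 with the manifest entry for original path $1.
# Returns 0 on match, 1 on content mismatch, 2 if the canary was never recorded.
verify_restored() {
    # Manifest lines are 64 hex chars, two spaces, then the path (position 67 on).
    expected=$(awk -v p="$1" 'substr($0, 67) == p { h = $1 } END { print h }' \
        "$MANIFEST" 2>/dev/null)
    if [ -z "$expected" ]; then
        echo "no manifest entry for $1" >&2
        return 2
    fi
    actual=$(digest "$2")
    if [ "$expected" = "$actual" ]; then
        echo "OK: restored $1 matches recorded digest $actual"
        return 0
    fi
    echo "MISMATCH: $1 expected $expected, restored copy has $actual" >&2
    return 1
}
```

Run `record_test_file ~/restore-canary.txt` when you create the test file, and after the restore run `verify_restored ~/restore-canary.txt /path/to/restored/copy`; a non-zero exit means the backup did not bring back what you saved.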