Providing IT support in Nashville for 300+ small and medium-sized businesses means we see first-hand that local companies are increasingly the targets for all types of malicious software, from viruses to spyware, adware, scareware… the list goes on. But the biggest threat has emerged over the past couple of years, and, as it stands in 2016, it’s the most dangerous cyber-attack scheme: ransomware.
What Exactly is Ransomware?
Ransomware is indeed a form of malware, but it’s unique in both its method of attack and its driving goal. Instead of stealing private data, ransomware encrypts data and blocks access to it (or puts apps on lockdown) until a ransom is paid to the hacker. Usually this ransom is paid in an untraceable e-currency (such as bitcoin) to simplify the hacker’s cash grab.
In this way, ransomware isn’t really like your typical malware at all. Think of it more as “cyber-extortion.”
In a recent MSPmentor podcast, Hal Lonas, CTO of security software provider Webroot, offered a succinct explanation of how ransomware has flipped the security threat paradigm on its ear: “It used to be that the bad guys wanted data because it was valuable to them,” he said. “With ransomware, they’re essentially asking: ‘Your data isn’t valuable to me, but how much is it worth to you?’ It’s scary how smart it is.”
Damages from Extorted Data
So, how much money has been stolen as a result of ransomware?
Well, in 2015, ransomware attacks worldwide raked in roughly $325 million for cyber criminals. But even more shocking is a recent statistic from the FBI – that in just the first three months of 2016, more than $200 million was paid out by victims. That’s a tenfold increase year-over-year, and the experts say that the trend could keep rising. And, since so many ransomware attacks go unreported, this only represents a fraction of actual attacks.
Below are some other facts on the associated dangers of ransomware:
- Email is the most common method for distributing ransomware. Due to the uptick in ransomware, the first three months of 2016 have also seen an increase in phishing emails… by 6.3 million. That’s a 789% increase over the previous quarter.
- In 2014-2015, around 27,000 corporate users were attacked. Compare that with 2015-2016, when that number rose to 158,000 – a six-fold increase. According to security vendor Kaspersky Lab, this is because corporations can afford to pay higher ransoms and cannot tolerate a complete loss of their systems.
- According to Webroot, 97% of malware today can morph to become unique to each endpoint device—rendering traditional, signature-based security virtually useless, and highlighting the need for backup.
- Webroot also reported that 100,000 net new malicious IP addresses were created per day in 2015, up from 85,000 a day in 2014, indicating cybercriminals are expanding to new IPs to avoid detection.
With ransomware, it’s not an issue of “if” but “when” it will affect your company.
If your small business hasn’t yet made plans to protect itself against ransomware, there’s still time. Below are 3 steps to help combat the threat:
3 Steps to Avoid Paying Ransomware
1. Get protected. Antivirus software is a must, as is firewall filtering and web security. Also, make sure all business software is regularly patched and updated to avoid newly identified threats entering your system.
2. Stay educated. Know your current policies on data security, and make sure everyone at your company knows them too. By training your employees in cyber-security, you can keep your entire team educated on the latest in malicious cyber-attacks, from spotting phishing emails that could be holding ransomware to knowing online security protocols for avoiding other malware threats.
3. Arrange for backup. Data loss can result in significant financial loss, especially if your data is held hostage. If your business doesn’t have an enterprise-grade backup and file sync system with strong encryption and controls, now is the time. Make sure that your data is always secure and readily available.
When it comes to the threat of ransomware, having a data protection solution in place means:
- Your business will never need to pay hackers ransom to get critical data back.
- Your business will avoid data loss – from ransomware or any other cause – since backups are taken frequently and can be restored quickly.
- Your business won’t experience significant downtime (since users can access critical data and applications while primary systems are being restored).
For more information on ransomware and how to proactively keep your small business protected from the latest cyber-attacks, contact us. We’ll help make sure your data is safe and sound.
Ransomware statistics provided by Datto.