Ransomware is the latest evolution in cyber threats and malicious Internet schemes. Last year, more businesses were struck by ransomware than ever before, and that trend is expected to continue. As a result, it’s essential for all professionals to learn more about ransomware and how to defend their companies.
What is ransomware?
Ransomware is a program that infiltrates a computer system and restricts access to the system or certain files. The software encrypts data so you need a key to access it. For example, when the St. Louis Public Library suffered a breach, some 700 computers at 16 branches were affected by ransomware. The attack affected both the computers designated for public use and those used by library staff. The necessary access key is only provided once a sum of money is paid, and, like any ransom, payment doesn’t guarantee that the data will be returned. Some files may be lost permanently.
Why is ransomware successful?
Ransomware schemes work because perpetrators know that data is power. Attackers can interfere with operations or damage a company’s reputation. These hackers know they’re more likely to be paid if they request a relatively small dollar amount; it’s often cheaper for a company to pay a ransom than to pay IT to beat the encryption.
The Internet of Things (IoT), or the inter-networking of smart devices, also facilitates the spread of ransomware, because the processing capabilities of connected TVs, cameras, and other devices can be leveraged to “aid” in an attack. In a stunning demonstration of these devices’ vulnerability, The Atlantic built a fake web toaster only to have it hacked within the hour.
How can you protect against ransomware?
Your company should have a firewall that is up to date with the latest security patches. Make sure you also have robust data recovery capability; ideally, you can simply restore your own data without needing to pay a ransom. Trends toward cloud-based services are also promising, since those services are typically isolated from malicious emails and downloads.
Additionally, train your staff in security and disaster response. Test response procedures with tabletop simulations or virtual exercises. Your successful recovery is more likely with a practiced plan in place.
The number of ransomware attacks is increasing with new variants popping up daily, so protecting your digital infrastructure is not optional.