The number of ransomware attacks is increasing at an alarming rate, making ransomware the biggest cyber threat that businesses are facing today. To see this disturbing trend, you only have to turn back the clock to the beginning of 2016. There was a 30 percent increase in the number of ransomware attacks in the first quarter of 2016 compared to the fourth quarter of 2015, according to Kaspersky Lab’s “IT Threat Evolution in Q1 2016” report.
The situation is getting so serious that the United States and Canada issued a joint cyber alert about the dangers and prevalence of ransomware attacks. The alert recommends that businesses take preventive measures to protect their computers from ransomware infections.
So, what should you do to protect your business? First, you need to learn what ransomware is and how it is spread. Armed with this knowledge, you can take measures to secure the points at which ransomware might enter your business. You also need to prepare for the worst-case scenario — a ransomware infection occurring, despite your best efforts to prevent it.
Ransomware is a type of malware that cybercriminals use to extort money from businesses and individuals. It usually encrypts files, but it also might lock computer systems. The cybercriminals then demand a ransom for the private key needed to decrypt the data.
Cybercriminals use a variety of techniques to spread ransomware. One common way is to use phishing or spear phishing emails that try to trick the recipients into clicking links or opening attached files. If they fall for the ruse, their computers will likely become infected with ransomware.
The Locky ransomware attack in February 2016 is a good example of this distribution technique. Cybercriminals sent out phishing emails that included an attached Microsoft Word document, which contained a malicious macro. Recipients who opened the attachment and enabled the macro had their computers infected with the Locky ransomware.
Another common way that cybercriminals spread ransomware is through drive-by downloading. Cybercriminals either build a malicious website or post a malicious advertisement (aka malvertising) on a legitimate one. When users visit one of these websites, code is installed on their computers without their knowledge. The code usually redirects the users’ browsers to a server where an exploit kit tries to find a known vulnerability. If one is found, it is used to install malware. In April 2016, cybercriminals delivered the Locky ransomware this way. They took advantage of a vulnerability in Adobe Flash Player to install Locky on users’ computers.
Cybercriminals do not just stick with their old tricks for delivering ransomware. They also come up with new ones. For example, in a series of attacks during March and April 2016, hackers exploited a known vulnerability in servers running Red Hat’s JBoss software to install backdoors, which they then used to deliver ransomware.
When it comes to ransomware, you need to do all that you can to prevent the infection. Consider taking these preventative measures:
Cybercriminals are constantly devising ransomware variants and new ways to spread them, so you need to prepare for the possibility of an infection. Specifically, you should regularly back up your files as well as test those backups. If you know you can recover your files from backups, you will not have to give into cybercriminals’ ransom demands should your business fall victim to a ransomware attack.
Now is the time to take action to prevent ransomware infections if you have not yet started. Waiting could be a costly mistake. Besides the expenses incurred from having to restore your systems and files, there will be lost income due to the disruption of your business operations.
Your IT service provider can help you take the necessary actions to protect your business from ransomware. It can also help you set up effective backup and restore operations.
Geoff Stewart is a highly experienced and skilled Technology Director at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.
Surety IT can help you create the right system to enhance your business, ensuring you know how it is right for you and how to use it. We will tailor a solution to suit your needs with leading systems, local support and more, building your vision for a more flexible and capable business.
to discuss your requirements.