Ransomware: What Is It?
Ransomware is a type of malware that encrypts the files on your computer or network server. To restore access to the encrypted files, you must pay a “ransom” to the cybercriminals, typically through an electronic payment method such as Bitcoin. Identifying who owns a Bitcoin account is extremely difficult.
How Does Ransomware Spread?
Ransomware is usually spread through spam emails. Opening the attachment, often disguised as a legitimate file, or sometimes even just reading the email can activate the file encryption.
Ransomware Increases
- Over the last few years, there has been a dramatic increase in the number of large and successful ransomware attacks against organizations.
- It is predicted that a new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021. (Source: Cybersecurity Ventures)
- 1.5 million new phishing sites are created every month. (Source: webroot.com)
Statistics show that hackers are increasingly focusing on large businesses, which will often pay tens of thousands of dollars to get their data back. Unfortunately, the impact of a ransomware attack on an organization extends far beyond the cost of the unlocking payment.
Businesses absorb costs associated with loss of data, reduced or lost productivity, forensic investigation, restoration of data and systems, lost revenue, and reputational damage. For example, a leading global health and consumer goods company reported that it would see a 2% reduction in revenue growth for the quarter due to the impact of the recent Petya ransomware on its ability to invoice and ship products to its customers.
- The NotPetya ransomware attack cost FedEx $300 million in Q1 2017.
- More than half of ransoms were paid in Bitcoin because it is hard to trace.
Who Are These Cyber Thieves?
- CryptoWall – a newer version of CryptoLocker, one of the earliest threats.
- Locky – typically spread through a Word or Excel “Invoice.”
- Petya and NotPetya – spread through an attached PDF file.
- WannaCry – affected 400,00 computers across the world in May 2017.
How Do We Reduce the Risk of Ransomware?
Educate the weakest link. The vast majority of ransomware requires someone to take action to activate the malware. Educating ALL employees about recognizing and defending against cyber attacks is vital. Most attacks use email or social engineering techniques to trick the employee into downloading malware or divulging their username and password. For this reason, training should focus on these common methods of attack. Training exercises where employees are sent fake “phishing” emails are effective in showing users how to distinguish between a genuine supplier communication and a phishing email with the subject line “Invoice Attached – please open.”
Patch, Patch, Patch. As demonstrated by some of the recent attacks, neglecting to update software and operating systems regularly to patch known security vulnerabilities can leave your company exposed. Even months after a known issue was exploited for the WannaCry and NotPetya ransomware attacks, it was estimated that at least 38 million PCs remained unpatched. It’s relatively simple for cybercriminals to identify unpatched devices and software on a company’s network. Once these units are identified, they can be affected easily.
Back up your data, and back up your backup. To some, this may sound obvious, but ransomware can encrypt backups stored on network servers. As a result, organizations and companies need to review their current approach to backing up data on a regular basis.
- Are employees backing up important files to a network drive?
- Are the backups from these devices and the file servers then backed up to a cloud backup service?
- Is testing done to ensure that the backups can be restored?
In this way, if ransomware encrypts all local files and backups, clean files can still be restored quickly with minimal impact to the business.
Allow Our 10X Team To Help You
10X Consulting Group can review your security setup, help revise your design, and work with you to put a secure network in place that minimizes the possibility of a ransomware attack.
Contact our team by calling 704-931-1056 or e-mail: Sales@10xcg.com