Just when you thought ransomware couldn’t get any worse, it has.
Criminals are now operating so-called “ransomware-as-a-service” business models. Essentially, dark web programmers set up all the technical needs to operate a ransomware business, put the code out for anyone to use, and they make their money by taking a portion of the ransom spoils for themselves.
Dot ransomware is the latest of these. Because the service is free (as long as the person who uses the ransomware splits the money they extort), there’s no reason for bad actors not to hop on the latest cybercrime trend.
This type of malware has become much more popular over the last couple of years. It has affected systems as small as individual computers to gargantuan and essential networks like those used by large hospitals.
“The digitization of memories, financial information, and trade secrets require a renewed vigilance to protect it from extortion schemes like ransomware,” Limor Kessem, Executive Security Advisor at IBM Security, wrote in a 2016 report. “Cybercriminals are taking advantage of our reliance on devices and digital data, creating pressure points that test our willingness to lose precious memories or financial security.”
According to the January 2017 State of Ransomware report sponsored by security firm Malwarebytes, ransomware distribution between January 2016 and November 2016 increased by 267 percent. Ransomware detections accounted for 12.3 percent of all enterprise threats.
Research by security firm Kaspersky revealed that in 2016, small and medium-size businesses were hit the hardest—42 percent fell victim to a ransomware attck in the past 12 months. Of those, one in three paid the ransom, but one in five never got their files back even though they paid.
So, what should you do to prevent your systems from being affected by ransomware? First of all, don’t open suspicious emails or click links sent by unknown parties. Most ransomware comes from opening emails that contain the malware or clicking a link that takes them to a website that installs the malware on their system
Educate employees. “This includes educating staff to the point where they understand threats and don’t fall prey to the phishing emails that quite often launch ransomware attacks,” Andy Buchanan of internet security firm RES told ComputerWeekly. “They should also ensure proven technology approaches are used—such as whitelisting, permission-based access, read-only blanketing, and revocation of access.”
Keep your operating system up to date. Don’t ignore those notifications for updates because they often include critical security upgrades.
Keep your web browser and other business-essential software updated, too, as those updates often contain security measures to protect against malware threats.
Use strong security programs that scan for malware and ransomware, and keep those programs updated, too.
Do frequent and routine backups, so if your system does get shut down, you can get a backup of any files that bad actors may have encrypted. Backup systems should not be attached to the computer all the time or they, too, may become infected.
Have a plan. Think about what you would do if you were the victim of ransomware and have that plan in place just in case.
Consider purchasing cyber insurance. “Think of the costs of a ransomware attack—legal fees, lawsuits, security—these all add up to a very expensive post-attack cost that no organization wants to take on—and we haven’t even touched on reputation,” said Buchanan.
If you do get hit by ransomware, notify the FBI and local law enforcement, whether or not you pay the ransom. That way the agency can track the spread of the malware. The Internet Crime Complaint Center has a form for submitting these reports to the FBI. The FBI recommends not paying the ransom, which is easier to do if you have implemented the prevention steps above.
Check the No More Ransom website set up by security companies. It contains decryption tools that could help you get your files back.
Cyber threats are very real, and there are very real things you can do to keep your business from being victimized by malware. Stay informed, and be ready to act.