Ransomware is one of the greatest threats facing businesses across the globe today. In 2017 Ransomware infected more than 4000 businesses per day worldwide. In fact, one of the biggest cyber-attacks of 2017 was the WannaCry Ransomware that wreaked havoc on business, banks and even governments. Ransomware, essentially cyber extortion, has grown to be a billion-dollar industry unto itself.
Showcasing the disruptive power of Ransomware would be the WannaCry incident at The National Health Service(NHS) in Britain. Key systems were infected and they were forced to turn away patients and cancel surgery appointments.
Due to its effectiveness Ransomware is expected to continue to grow rapidly year-over-year.
How does Ransomware work?
Criminals use Ransomware malware to lock and encrypt files on an infected computer and demand that the victims pay for their files to be decrypted. Files that are locked cannot be unlocked/decrypted without paying the ransom.
In certain instances, the criminals may even threaten that the victim to pay or their information will be made public or deleted forever.
Payment may be demanded in Bitcoins as this is a Crypto-currency that cannot be tracked. In most cases, a trigger activates the Trojan, which encrypts and locks down the system using emails and download attachments. A computer that is infected with Ransomware Trojan will lock either part or all of the data on the hard drive, allowing only the hackers to access the encrypted files.
The victim would need to pay a ransom amount in order to receive the decryption key. The victim can only access the files after receiving the decryption key or risks losing the data otherwise.
How does Ransomware spread?
Ransomware can spread in numerous ways, but it is most commonly distributed through email or web pages that masquerade as legitimate web pages or prompts requesting you to click them.
New emerging Ransomware developed by criminals now also actively search for vulnerable computers on the internet. Research show that hackers are moving beyond just PCs, and are now beginning to launch attacks against Smart phones and tablets.
Furthermore, once a computer is infected it is possible for Ransomware to spread to other PCs that are connected to the same wired or wireless network. For businesses, this can lead to widespread infections which can compromise a significant amount of data and leave many PCs inoperable.
Finally, due to how Ransomware works it is often able to get past traditional antivirus software.
Financial Cost of Ransomware
Criminals understand that the bigger the disruption they create for a business, the more likely they are to be paid.
Businesses that cannot afford downtime and do not have adequately managed backup, antivirus or security, have little choice but to pay the ransom. Hence, the financial cost of Ransomware infections for businesses can easily reach tens of thousands of dollars. Small businesses are particularly vulnerable as they do not have appropriate counter measures in place because they cannot afford or lack critical IT knowledge.
In 2017, the average ransom paid was $1077 while the largest ransom paid (in Canada) was $425,000.
Following are some tips on how to protect, prevent and recover from a Ransomware threat or attack on your business.
Ransomware can be prevented through the same methods used for avoiding other forms of malware. This means training staff to avoid clicking on suspicious links or opening emails from unknown and untrusted sources. Email is the most common channel for Ransomware infections.
The key to protecting your systems is to ensure that they are up to date and that new security patches are in place. Reviewing the NHS situation, the Ransomware infection could have been prevented through a security patch that Microsoft had released previously to address the vulnerability.
Additionally, removing older operating systems that are no longer supported by Microsoft such as Windows XP can significantly reduce the risk.
As Ransomware can easily infect computers, businesses should have proper protection measures in place. Having an enterprise and next-generation antivirus software and firewall in place makes it more difficult for Ransomware infections to affect computers. The additional features from enterprise antivirus and firewall solutions can help block and prevent Ransomware from infecting networks and computers. This reduces your risk even if Ransomware somehow find its way past your defenses.
Even with a strong prevention and protection practices in place Ransomware infections can still occur due to human error such as accidentally opening the wrong emails. One of the strongest ways to recover quickly is to have an effective backup solution in place. An effective backup solutions will have high frequency and allow you to restore your systems to a prior point before the infection had taken place. Allowing you to resume work within minutes instead of having your systems unavailable and down for days or even weeks.
How happier IT helps with Ransomware
At happier IT, we can help you with protecting your business from Ransomware. Our Proactive approach to IT services includes helping prevent and protect your business from Ransomware. We take on the time-consuming task of ensuring that all your PCs, firewalls, servers and other devices are continually up to date and patched. Furthermore, we’ve identified the most reliable solutions that you can use to protect your business environment. We’ve developed a set of standards based both on Industry best practices and years of experience which we use to protect your business.
For more information on how we can protect you from Ransomware, schedule an online demo with us.