Let’s get something straight: there’s another word for Ransomware, it’s extortion. And it happens every day all across America. It could happen to your business and it’s more than likely the perpetrators will never be brought to justice. If you haven’t heard of ransomware, it’s where a piece of code infiltrates your business network (through sources explained later in this article) and encrypts important business files, only allowing access back to them after a ransom has been paid. This is organized crime using sophisticated, effective technology to steal from unassuming victims in broad daylight. For these reasons, ransomware is a threat every business owner needs to be aware of.
How does ransomware infiltrate a business? The scary and insidious nature of these intrusions is part of what makes them so scary. The infiltration can come via an infected email attachment, malware from a malicious website, a download an employee unassumingly accepts or even a malicious intrusion through your unprotected network gateway. The problem is almost always an accident at an unwitting moment.
In 2014, reported ransomware instances cost American businesses over $24 million. This number grows every year, and now even Mac users are reporting ransomware attacks. Many of these perpetrators ask for a relatively small amount of money for ransom, which suggests that their crimes are both opportunistic and volume driven.
One astute client of ours pointed out: “that’s what backups are for, right?”. While backups could help in a fresh attack, many of the groups running these schemes get into the victims network months prior to running the script that locks down the files. By the time the victim realizes that they cannot access their data, the ransomware has entrenched itself in the backup copies as well as the server files.
Strategies to prevent ransomware:
There are several simple measures that business owners can take to prevent this from affecting their business, and they don’t necessarily require expensive, next-gen technology.
-First, utilize every malicious threat protection service available, including a strong Enterprise grade Anti-virus solution and a commercial grade anti-malware solution. If your computer bogs down when running these services, it may be time to look at a new computer. We occasionally have clients ask us to remove one of these programs to improve PC performance. This can be a short sighted decision, as upgrading or replacing a computer is cheaper than the potential damage of an event.
-Second, utilize a firewall that’s running a full suite of anti-threat protection measures. This is like the moat around your castle, and will catch many malicious threats before they ever enter your network including file attachments in emails, malicious websites or downloads.
Finally and perhaps most importantly, enforce policy with your staff. Make them aware that these threats could cripple your business. Employees who initiate the invitation of ransomware are usually unaware of the concept of malware, and think of computer viruses as pesky little pop-ups that the IT guys easily clear away. Invite your IT provider in to have a policy discussion with your staff. Education and awareness are two of the best weapons in the fight against ransomware.
Is your IT provider discussing threats like ransomware with you? Are you interested in finding a new IT partnership that helps your business stay more productive with less risk? Reach out to Upward Technology today.
Also, BONUS CONTENT: interested in hearing more about the subject. The popular podcast Radiolab put a great show about this topic last year! Check it out.