Last year, ransomware became the top cybersecurity concern of organizations: 47 percent of organizations suffered ransomware attacks in 2016. Get up to speed on what ransomware entails and how to protect your organization from these malicious attacks.
What Is Ransomware?
As the name suggests, ransomware is a type of malicious attack that blocks access to your data or computer until a ransom is paid.
Attackers first encrypt your data using malware, then send a demand for money. If you pay the money, you will regain access to your data or computer. Meanwhile, you’re unable to access data needed to perform your job. The negative effects on employee productivity are massive, which is why corporate ransomware is so effective.
Who is the Target of Ransomware?
Hackers first targeted home owners with ransomware, perhaps in an effort to test whether the attacks could succeed. Home users still suffer ransomware attacks, in part because they constitute a large volume of computer users. Home owners may also lack cyber security awareness or rely on nothing but antivirus software for protection. As a result, they are very vulnerable.
Home users typically rely on outdated software (even when they are prompted to update) and don’t keep data backups. When they are threatened with something like the loss of their family photos, no wonder they will readily pay large sums of money to get their data back.
Increasingly, attackers are turning to larger targets — from whom they can demand more money. Thus, police departments, hospitals, health care organizations, municipalities, and larger businesses are receiving ransomware attacks. Attackers target not just individual workstations, but entire databases and servers.
Major businesses are reluctant to report a ransomware attack. They worry about the reputation loss this would create, as well as legal consequences of the attack.
Behind a Typical Ransomware Attack
There were 400 different variants of ransomware in Q4 2016 alone. Here are a few examples that showcase the major consequences that a ransomware attacks on businesses could have:
Licking County, Ohio: An employee in the Licking County office clicked on a link in a phishing email, downloading malware. Police, 911 dispatch, and other office were shut down via ransomware. To get emergency services back up without paying the ransom, IT staff had to rely on backups to rebuild the entire system. Meanwhile, the police lacked landline and online access, which put the public safety at risk.
Hollywood Presbyterian Medical Center: A ransomware attack locked the medical records and computer systems at the hospital. After one week of making do without mission critical information, hospital staff paid the $17,000 ransom to unlock their data.
San Francisco Municipal Transport Agency: In San Francisco, 900 employee workstations at the Municipal Transport Agency were held ransom. Attackers demanded a $73,000 bitcoin payment. The SFMTA was able to restore the majority of the encrypted data from remote backups and avoid paying the ransom.
Ways to Protect Your Organization From Ransomware
Understanding what makes you vulnerable is the first step in protecting your home and business assets from ransomware.
If you aren’t already backing up your data automatically, do that now. This is the single biggest step you can take to decrease your risk. After all, when your family photos or client files are backed up to an external hard drive, you won’t need to pay to get them back.
Learn what types of file extensions suggest a malicious file, then enable file extensions and check before you download a risky file.
For example, .EXE files or executable file extensions can be risky. Email filters can block .EXE files, reducing your risk of accidentally launching a ransomware attack. Another common risk is opening macros in Microsoft Office. Don’t turn on macros when prompted to, unless you’re certain the file is safe.
If you have administrator login, be careful about using it. Do not stay logged in on the admin account unless it’s necessary. Avoid opening emails from the admin account just in case. On a related note, never give administrative access to staff members unless it’s critically necessary for them to have admin access.
Get in the habit of updating your software when prompted and patching regularly. Attackers exploit bugs in software and rely on the assumption that you are lazy about updating your software.
Studies show that computer uses with little awareness of cyber security risks are the “weakest link” in your safety.
Host cyber security trainings that teach your employees to identify suspicious links, phishing emails, or potentially dangerous software.
As a safeguard, segment the corporate network. Firewalls can separate system services, adding another layer of defense against an attack.
Finally, understand that the best cyber security defense evolves over time to keep up to date with new threats. If you assume it’s a matter of following these steps to get protected, and then you’re done, you will be attacked.
To keep all of your business data safe in the event of a ransomware disaster, use a secure and reliable offsite cloud-based data recovery plan. Server Cloud Canada offers off-site private clouds and AES 256-bit encryption for all data transfer. Get your business back up and running in minutes with instant private cloud restore.
The SCC Vault
Server Cloud Canada offers scalable and flexible solutions that are fully Canadian owned and operated. You can rely on these plans to protect your enterprise data in Canada’s robust privacy legislation.
- Off-site Private Cloud Backup
Store your backup data in your own private cloud
- Off-site Private Cloud Restore
Instantly restore your backups in your own private cloud minimizing downtime
- Secure & Reliable
Transfer & Save your backups using AES 256bit encryption
- 100% Canadian
100% Owned, operated, hosted on Canadian soil providing protection under all Canadian privacy legislation
- Single pane of glass
Schedule, manage, restore your backups from one centralized management console
- Solution Based Flexibility
Build your solution around your budget and requirements. Expand as you grow