Ransomware Explained
Ransomware. Ransomware. You have heard the word and know it involves a cyberattack. You assume from news reports that it only happens to large companies like Target, Equifax, and Marriott Hotels for example, and that cybercriminals will not want to bother with your small or medium-sized business (SMB). Unfortunately, that assumption is wrong.
The Federal Trade Commission (FTC) notes that ransomware is a major concern of small business owners across the country. Another report notes that since nearly 50 percent of SMBs have no employee security and awareness training, they are particularly vulnerable to cyberattacks, including ransomware.
The U.S. Department of Justice (DOJ) reports that since January 1, 2016, more than 4,000 ransomware attacks have occurred every single day. Business owners suffer the temporary or permanent loss of their proprietary information, disruption of their daily business operations, and the extreme expense of restoring files, if that is even possible. Their reputation in their community may also be damaged.
What is Ransomware?
Ransomware is a type of malware, a software program intended to damage computer files. It quietly invades your computer, encrypting as many files as it can locate on your local and network drives. The encryption is done by using a complex mathematical algorithm. When the encryption is complete, your files become unreadable unless you have the key to unlock them.
The only one with the key is the cybercriminal who demands you pay a ransom in order to regain access to your files. Your data has been kidnapped. A simple virus scan cannot undo the encryption. Your data is being held hostage by the cybercriminal.
In many cases, there is a time limit for payment. A count-down clock may even appear on your screen telling you that you must pay the ransom within a certain period of time or forever lose access to the files.
How Ransomware Gets into Your System
Ransomware enters your computer most often by a “phishing” approach. This happens when an innocent user receives an email that appears to be from a friend, co-worker, or reputable company. It includes an attachment. When the user clicks on the attachment, it is downloaded and, voila, ransomware invades that device and all other devices connected to the network.
Some websites have malware lurking in the background. It only takes one keystroke and the malicious software will now infect all the files it can access. The intent is to cause as much damage as possible to your network so that it shuts down and you can no longer access any of your files.
Should you Pay the Ransom?
The DOJ does not advise SMBs to pay the ransom. But, it does note that victims of ransomware have tough decisions to make when considering whether or not to pay. It recommends ransomware victims consider the following factors before paying the ransom:
- How to best protect employees, customers, and shareholders.
- Paying the ransom does not guarantee that the cybercriminal will provide the key to decryption.
- Some victims who paid the ransom and did get the decryption key were again targeted by other cybercrminals.
The DOJ encourages businesses who have been invaded by ransomware to report it to law enforcement. There is a chance that they can use legal tools, including working with international law enforcement, to locate the encrypted data.
How to Prevent Ransomware from Invading Your Network
The most important step of preventing ransomware from invading your network is education. Your employees need to understand how ransomware works, and they need to be constantly aware of the importance of not clicking on any attachment no matter how legitimate the sender appears to be. The attachment must first be scanned for malware.
Every file needs to be backed up so it is accessible off of the network so that if there is a ransomware attack, your business is not crippled beyond repair. If an attack is discovered on one device, immediately shut down all devices connected to the network.
Cybercriminals are getting smarter and learning how to circumvent cybersecurity that is installed to prevent the ransomware and other malware attacks. There are Managed Service Providers (MSPs) who can provide a robust cybersecurity system that can withstand the threats. They should also be able to ward off a threat before it can cause any harm.