Business
Insights that
drive results

04/19/2017

Combating Ransomware: Back Up, Patch Up, Catch Up

EZ Shield April 19th, 2017
Categories: Fraud & Risk

By Eugene Bekker, Chief Security Officer, EZShield

Ransomware, the computer malware designed to hold your devices and files ransom, can pose a huge threat to your company. Once a device is infected, it only takes a few seconds for a ransom note to display, demanding payment in exchange for a key to unlock your system. Until you pay the ransom, your device is virtually useless. And even if a payment is made, there’s no guarantee that the hacker will unlock your device. In short, you’re left with two choices: dig into your business funds to pay the ransom, or let the hackers keep your files and hope they don’t further misuse your compromised information.

As a business owner, this is a decision that you should never have to make.

The number of attacks surged from 282,000 to 30 million in March 2016 alone. This is one of the top cybersecurity threats targeting small businesses, and experts believe it will continue to grow. It’s up to you, as a small business owner, to remain vigilant against ransomware and take the proper measures to thwart the hackers targeting your business.


WHAT SHOULD YOU DO?

Use these tips to help secure your business’ sensitive files and avoid the repercussions of a ransomware attack.

  • Back up. Use a secure cloud service to regularly back up all your sensitive business files. If you should fall victim to an attack, you can delete the infected files and recover the unaffected copies from the cloud.
  • Patch up. Make sure that your security and anti-virus programs are automatically updated on a regular basis. Security patches prevent hackers from using weak spots in your business’ network to gain access to the files on affected machines.
  • Catch up. Make sure you are offering proper security training to your employees so they are aware of the signs, risks and appropriate response plans for ransomware incidents. You can more effectively protect your business if your employees are working with you on the preventative front.

The risk of ransomware is growing

Hackers have come up with creative ways around modern security measures to deploy and utilize ransomware for monetary gain. Not only are criminals using the malware to target sensitive information and funds, but they are also selling ready-to-use kits on the Dark Web. Ransomware-as-a-Service (RaaS) has proved to be profitable for the experienced hackers selling DIY ransomware programs, as well as beneficial to the inexperienced ones buying them.

Since 2015, the overall number of ransomware attacks has increased 167 times – from 38 million in 2015 to 638 million in 2016. The cash out from the ransomware ploy itself, and the extra profit made on the side through RaaS, presents a win-win situation for expert and novice hackers alike.

Isn’t ransomware just like any other cyberthreat?

Ransomware is different from other types of computer malware because it not only compromises sensitive data, but also holds those files for ransom. Hackers will target businesses for their large pools of data, as this high-value information offers more incentive for the business owner to pay out.

Aside from compromising your business’ sensitive data, the “ransom” component of ransomware can be costly to your business. Ransomware victims in the U.S. paid a total of $209 million toward ransomware demands in the first three months of 2016. At that rate, the FBI estimated 2016’s total losses to ransomware to be around $1 billion.

The average amount per incident in 2016 was $800, which is a substantial increase from $300 in 2015. Unfortunately, there is no guarantee that your company’s files will be recovered even if you make the payment. While 48 percent of companies said that they had paid the ransom, only 55 percent of them were given the encryption key to unlock their files.

As with phishing scams and business email compromise, hackers use email links and attachments to distribute the malicious program. In fact, emails accounted for 59 percent of all ransomware infections in 2016. Hackers will often disguise the ransomware as email attachments using Zip (.zip), Microsoft Office (.doc, .ppt, .xlsx, .pub) and JavaScript (.js) files.

Hackers love small businesses

The significant rise in ransomware makes proper business security practices more important than ever. Even though 66 percent of companies considered it to be a serious threat, only 13 percent indicated that they felt prepared for an attack.

This particular type of cyberattack continues to thrive by taking advantage of a common small business myth: the belief among business owners that they’re “too small” to be targeted by hackers. Unfortunately, this is far from the truth. Hackers love small businesses because they typically have less sophisticated security measures, making their networks much easier to hack.

Cybercriminals also know that employee training is not as extensive in smaller companies as in larger ones. While 58 percent of larger companies offered security training to their employees, only 30 percent of smaller companies trained their employees. Only 33 percent of companies said that they offer training that covers ransomware specifically.

Keep following EZShield’s Fighting Identity Crimes and subscribe to Deluxe’s blog to stay up-to-date on the latest breaches and scams in the news, as well as tips and tricks from our industry experts to proactively protect your identity.


The content on this site is copyrighted by EZShield and used with their permission.

Eugene Bekker originally joined EZShield in 2008 as a consultant and today he oversees the architecture of the core technology platform, as well as manages EZShield’s security and compliance program. Prior to EZShield, Eugene was the Chief Architect at PowerVision Corporation, an Information Technology and application development consultancy. He boasts over 20 years of experience in the areas of Information Technology and software engineering.