Beware of Ransomware
Ransomware is malicious software that’s designed to encrypt data in order to block access to it, or even access to the computer system itself, until a payment of money is made. The data is usually not stolen, just held hostage, and it can all be done from thousands of miles away.
You may be thinking that your data is not worth it. You may think that it’s inconsequential in that there are no Social Security numbers, or other pieces of information, that would be valuable in the traditional sense of credit card or identity theft. However, what would you pay not to lose that data? Or, simpler yet, just to access your data? Now, can you see the value?
Perpetrators of ransomware have already picked up on the fact that businesses live and die on their computer systems and the data within. As an individual, you may pay hundreds, even thousands of dollars to access and recover the data from your own personal PC – family photos, bank statements, music, etc. Apply this on a corporate scale, and you can see how quickly the amount can escalate.
An article titled “How Companies Can Guard Against Ransomware,” on the website of the Society for Human Resource Management, states that ransomware has surpassed all other forms of computer malware in terms of incidents. It’s so pervasive that cybercriminals are helping each other with support and instructions on how to effectively ransom a company’s data and computer system.
According to the article, ransomware is so profitable for cybercriminals that they will have collected more than $1 billion in ransom payments by the end of 2016. And as I mentioned earlier, no business is safe. In Los Angeles, the computer system at Hollywood Presbyterian Medical Center got infected with ransomware (there’s some irony about hospitals and infection). If they didn’t pay $17,000, they would never gain access to their email and electronic health records. Now, keep in mind that while their system was down, the hospital staff could not access medical records, email, and even X-rays or CT scans. The hospital was essentially frozen in time with patients waiting on results, surgeries rescheduled, etc. Of course, the hospital paid the ransom and learned a valuable lesson.
So, how does ransomware get installed on a company’s computer system? It’s not usually through hacking. Often, the human element is the weakest link. Opening email attachments, visiting infected websites, and “malvertising” (fake banner ads that contain malware) are easier and more effective ways for cybercriminals to gain access.
Now that you know what ransomware is and the effect it can have, how do you protect against it? Fortunately, there are many ways to stay ahead of the cybercriminals.
Regularly back up your company’s data and test the backups to ensure the data is retrievable. Keep the backups offline, so they can’t be accessed via the Internet or your computer system, and also keep them off-site.
Display file extensions (for example, doc, jpg, pdf, and exe) so that users can identify whether a file is a Word document, photo, or executable file.
Disable macros so that code embedded in files doesn’t run automatically when they are opened.
Instruct employees not to open suspicious or unsolicited attachments – even if they come from a friend or coworker since you don’t know if they’ve been infected.
Make sure that the company’s IT department regularly performs computer maintenance and software updates to guard against the latest cyber threats.
Limit an employee’s access to important computer systems and files and also remove “admin rights” so that regular users can’t install or modify software.
While most tech-savvy people have heard of computer viruses, malware, and other computer-related security threats, all it takes is one person to slip up and install ransomware and turn their network-connected PC or laptop into a system-crippling catastrophe.