Ransomware is on the rise: What is it, and how to protect your company

The recent “WannaCry” cyberattack affected hundreds of thousands of computers around the world. The attack targeted organizations of every type, including hospitals, government agencies, and corporations, freezing computers and locking out users until they paid a “ransom” to release their data.

While the WannaCry attack came through a weakness in older Microsoft operating system software, ransomware is usually hidden in an attachment or link in an email, or a post on social media. The email or post appears to come from a legitimate source, and may even use the name of a sender known to the recipient if the hacker has done some research on LinkedIn, Facebook or other social media sites. If the recipient of the email or post clicks on the attachment or link, malicious software or a virus enters the recipient’s computer. If the computer is part of a network, the ransomware can spread through that network, and either encrypts the user’s data or blocks access to it. The user then receives an ominous popup or other graphic informing them of what has happened, demanding a ransom be paid to release the data, and often providing instructions on how to pay. 

Ransomware attacks are on the rise.

The security firm Kaspersky Labs reported an increase in ransomware attacks from 2,900 in the first quarter of 2016 to more than 32,000 in the third quarter, with attacks against businesses occurring once every 40 seconds. 

The report also found that while one-third of small and medium-sized businesses that were attacked paid the ransom demanded by the hackers, and 20 percent still never got their data back.

Many government law enforcement agencies around the world and a number of industry groups, are now advising organizations not to pay the ransom, even though the amounts demanded are usually low. The reasons they give for not paying the ransom include:

• You become a bigger target
• You can’t trust criminals – you may never get your data back, even if you pay
• Your next ransom will be higher
• You encourage the criminals to keep on hacking

These organizations have created a service called No More Ransoms, which offers advice and tools on recovering data and system access without paying the hackers.

What can you do to stay safe? 

No organization can ever be 100 percent secure against cyberattacks, including ransomware. But you can take positive steps to lower the risks of a ransomware attack occurring, or if one does hit your company, to help you recover quickly and ignore the hackers’ ransom demands.

Here are things your company can do now:

• Back up data using real-time backup to a cloud service so you can easily recover data from a ransomware attack; backing up once a week to a server or external hard drive isn’t enough
• Make sure every computer, server, and mobile device has up-to-date, high-quality antivirus and anti-malware protection software
• Always keep software updated on all the devices you use – the WannaCry ransomware used weaknesses in older Microsoft operating systems such as Windows XP, to attack computers—always install patches and updates when offered
• Treat email attachments or links, as well as messages or social media posts from people or sources you don’t know, with caution. If in doubt, delete it
• Educate your employees and IT teams, keep sensitive data separate, restrict access to those who truly need it, and use strong passwords

If the WannaCry attack had any silver lining, it served as a loud wake-up call to companies and other organizations to take steps to protect themselves from ransomware attacks, because no one is immune. The above steps are easy to put in place and are not expensive, but are just part of a more comprehensive cybersecurity prevention plan for your company.