It could happen to you. At your small business workstation one day you get contacted by an unknown entity saying it has locked your computer or encrypted your electronic files. This entity is demanding you pay a ransom to gain access to your computer or files again. Chances are ransomware has been installed.
What is ransomware?
Hackers are using ransomware, which is a form of malware, to extort money from unsuspecting people. As digital security protocols strengthen, it is harder for hackers to break into networks to steal data. Instead, they target lower-hanging fruit such as individuals, small businesses and other organizations where security measures are perhaps not as sophisticated.
There are different types of ransomware. Encryption malware encrypts personal files and folders such as documents, photos, and spreadsheets.
Another type locks your screen but your files are not encrypted. Other types affect your mobile devices, web servers or the actual hard drive of the computer.
Ransomware has become one of the biggest cybersecurity threats to organizations and individuals in the past two years, since anyone can be a target. Hackers extorted more than $209 million in ransomware payments from organizations in the first three months of 2016, according to FBI statistics. This is a lucrative endeavor for hackers, putting the ransomware business on pace to be a $1 billion-a-year crime.
According to a report by Malwarebytes, a California business that builds internet security software, the most heavily targeted industries for ransomware are healthcare and financial services, due to the sensitivity and high value of their information.
About 80 percent of the organizations breached have had high-value data held for ransom. And about 40 percent of the victims pay the ransom. Ransoms can vary from $300 into the millions, depending on how much the hacker thinks your data is worth to you. Paying doesn’t guarantee the victims will regain their data or the use of their computer.
Common sense is best when it comes to preventing ransomware.
Security expert Ryan Satterfield, president of Planetzuda.com, says that as with preventing other kinds of hacking, users should not click on links and open email attachments from unknown sources.
Most ransomware infections happen when a user clicks a link, and users often have no idea they are infected until a ransom is demanded.
Satterfield strongly advises that organizations and businesses back up data daily. Ideally, back it up to hard drives kept off the network so it isn’t reachable by hackers.
Should organizations or businesses pay the ransom or not? Experts including the FBI say pay it. While there is no guarantee the hackers will give you a key to either unlock your computer or retrieve your data, in most cases they will.
There is another alternative, suggests Satterfield. Retain a security professional to back hack the malware and remove it. A good professional should be able to reverse engineer the malware. Depending on how much the ransom is, this may be a good alternative.
Hacking can be easy, Satterfield said. It’s best to take preventive measures now.