What it is
Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files, unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decryption key.
A short history
Cases of ransomware attacks were first reported in Russia during 2005 and 2006. Since then, however, ransomware attacks have become more and more frequent around the world, targeting individuals and companies alike. In 2017, the term ransomware became commonplace in the cyber world, with attacks from programs such as “WannaCry” and “NotPetya” being reported almost daily. What were once inconveniences now spell the end of business for some companies.
One of the most high-profile instances of a ransomware infection came when the Hollywood Presbyterian Medical Center became infected with Locky, taking systems offline and causing disruptions to patient treatment until the hospital paid hackers a $17,000 ransom in order to restore its network.
Ransomware: a big problem for small businesses
In 2016 alone, hackers made $1 billion from victims of ransomware. This would lead you to believe that mainly big businesses are targeted, when actually most ransomware attacks are directed at small to medium-sized businesses. A report by Verizon claims that 61% of all ransomware attacks are on small to medium businesses with fewer than 1000 employees. This focus on small businesses is due to the fact that these businesses have fewer funds to spend on cyber security and staff training, making them more likely to pay the ransom rather than bear the larger expense of trying to deal with the issue internally.
How to protect yourself and your business
To put it simply, there is limited protection against ransomware: no antivirus or endpoint security technology is able to protect you. Protection comes down to user education, good business practices and a well-maintained disaster recovery program, which is a must-have in case of any particular eventuality. Organizations must prepare themselves for the likelihood that they may be targeted by implementing strict guidelines within the workplace that will mitigate the effects of a ransomware attack.
5 guidelines on avoiding ransomware
Backup is key: The best defense against ransomware is to reduce your vulnerability in the first place. This means backing up the company’s critical and valuable information on a regular basis. Then, if your business becomes a target of a ransomware attack, paying the ransom may not need to be considered, because the business will still have access to the valuable information that has been backed up. It is important that companies maintain offline backups so that the backups are not readily accessible to an attacker.
Trusted sources: Businesses should exercise good email and website safety practices, ensuring that individuals download attachments, click URLs or execute programs only from trusted sources.
Trust warnings: When you get a security message from a web browser, take heed of it.
Administrator rights: Manage administrator rights accordingly. Many businesses still use the default administrator account on their network. Instead, you should delete or rename the administrator account, or create an account with administrator privileges.
Educate! Educate! Educate!: It should be an executive management imperative for businesses to educate their employees about the challenges around ransomware, making staff aware of any security issue that arises or is currently topical. This could be ransomware, PoPI or encryption; your people need to be aware of it.