Does the word "ransom" conjure up images of sketchy notes made up of random letters cut from newspapers? In the movies, criminals often send these handcrafted messages to demand a large sum of money in exchange for the safe return of something--or someone--valuable to the note recipient.
Today's real-world criminals are much more sophisticated.
While they still want money from you in exchange for something you hold dear, their notes are digital and it's your computer files that are being kidnapped. The practice is called ransomware, and it's a growing threat--especially to small businesses.
Although different variants of ransomware exist and more are created every day, they all operate on one basic premise: To freeze or prevent access to your computer or mobile device until you pay a sum of money. Victims receive some sort of notification--usually an intimidating pop-up message or screen takeover--that files have been encrypted and the only way to unlock them is to pay a specific ransom amount.
Ransom fees vary from $200 to well over $10,000. For small businesses a ransomware attack could be devastating, resulting in the loss of files (including sensitive information), disruption of business operations, financial losses to restore systems, and harm to the company's reputation. Criminals are betting that it's easier for business owners to just pay the ransom rather than deal with these consequences. Unfortunately, the odds have been in their favor.
The Rise of Ransomware
Ransomware has been around for several years, but has grown exponentially in since mid-2015. IBM's SecurityIntelligence.com reports a "record high" ransomware outbreak in the first quarter of 2016, citing a 30 percent increase in victims from the previous quarter.
The American Bankers Association (ABA) found that from January through March 2016, $209 million was collected by criminals through ransomware. The ABA projects ransomware attacks will result in over $1 billion in losses by year-end.
Cybercriminals are constantly finding new ways to ensnare you in a ransomware trap. Sometimes they'll use spear-phishing tactics, sending an email that tricks you into thinking it's from someone you know and/or trust. When you click a link or open an attachment, the ransomware is released. Ransomware has also been found in pop-up advertisements, downloadable games or file-sharing applications.
A July 2016 United States Computer Emergency Readiness Team (US-CERT) alert recommends the following preventive measures:
- Run regular or real-time data backups that are isolated from the network. Having this data on hand lessens the potential impact of a ransomware threat and will help your business quickly recover from an attack.
- Use application whitelisting to prevent malicious and unapproved programs from running. US-CERT calls this one of the best security strategies to employ, as it allows only specified programs to run and blocks others.
- Maintain and regularly update anti-virus software and operating system software. These updates usually include patches for recently-detected vulnerabilities in the software, so it's best not to ignore the reminders to install an update.
- Restrict the permissions of other users to install and run software applications. It's also a good idea to provide cybersecurity training to keep employees up-to-date on best practices.
Should I Pay the Ransom?
Experts recommend that business owners never pay the ransom demanded by cybercriminals in a ransomware attack. If you pay a bad guy once, they're more likely to believe you'll pay them again--and they'll test that theory. Additionally, there's never a guarantee that paying will actually unlock your files or get your data back. They're not the most trustworthy folks, after all.
If you suspect you've become a target of ransomware, immediately alert your local authorities and file a complaint with the FBI via their Internet Crime Complaint Center site or by contacting a local FBI office.