More and more, ransomware has emerged as a major threat to individuals and businesses alike. Ransomware, a type of malware that encrypts data on infected systems, has become a lucrative option for cyber extortionists. When the malware is run, it locks victim’s files and allows criminals to demand payment to release them.  

Within every industry (non-profit, healthcare, government, finance, education, etc.), organizations of all types and sizes have been impacted, but small businesses can be particularly vulnerable to attacks. And ransomware is on the rise. In the McAfee Labs June 2018 Threat Report, the number of new ransomware strains saw an increase of 62% in the previous four quarters. This increase brings McAfee’s total number of identified strains to roughly 16 million. 79% of Managed Service Providers (MSPs) report ransomware attacks against SMBs. 35% of MSPs report clients suffered multiple attacks in the same day.

When ransomware hits it is costly and can halt an entire system. The average amount of ransom requested is roughly $4,300 and the cost of downtime is typically 10x higher than the ransom requested (per incident).  

Ransomware is distributed in a variety of ways and is difficult to protect against because, just like the flu virus, it is constantly evolving. 

How ransomware is spread 

Spam is the most common method for distributing ransomware. It is generally spread using some form of social engineering; victims are tricked into downloading an e-mail attachment or clicking a link. Fake email messages might appear to be a note from a friend or colleague asking a user to check out an attached file, for example. Or, email might come from a trusted institution (such as a bank) asking you to perform a routine task. Sometimes, ransomware uses scare tactics such as claiming that the computer has been used for illegal activities to coerce victims. Once the user takes action, the malware installs itself on the system and begins encrypting files. It can happen in the blink of an eye with a single click. 

Another common method for spreading ransomware is a software package known as an exploit kit. These packages are designed to identify vulnerabilities and exploit them to install ransomware. In this type of attack, hackers install code on a legitimate website that redirects computer users to a malicious site. Unlike the spam method, sometimes this approach requires no additional actions from the victim. This is referred to as a “drive-by download” attack. 

Ransomware is constantly evolving, and new variants are appearing all the time. Because ransomware is constantly evolving, even the best security software can be breached. This is why a secondary layer of defense is critical for businesses to ensure recovery in case malware strikes: backup. Thankfully, there are tried and true ways to protect your business against ransomware attacks. Security software is essential; however, you can’t rely on it alone. A proper ransomware protection strategy requires a three-pronged approach, comprising of education, security and backup. 

Education: First and foremost, education is essential to protect your business against ransomware. It is critical that your staff understands what ransomware is and the threats that it poses. Provide your team with specific examples of suspicious emails with clear instructions on what to do if they encounter a potential ransomware lure (i.e. don’t open attachments, if you see something, say something, etc.). 

Security: Antivirus software should be considered essential for any business to protect against ransomware and other risks. Ensure your security software is up to date, as well, in order to protect against newly identified threats. Keep all business applications patched and updated in order to minimize vulnerabilities. Some antivirus software products offer ransomware-specific functionality. 

Backup: Modern total data protection solutions take snapshot based, incremental backups as frequently as every five minutes to create a series of recovery points. If your business suffers a ransomware attack, this technology allows you to roll-back your data to a point-in-time before the corruption occurred. When it comes to ransomware, the benefit of this is twofold. First, you don’t need to pay the ransom to get your data back. Second, since you are restoring to a point-in-time before the ransomware infected your systems, you can be certain everything is clean, and the malware cannot be triggered again. 

Reducing the risk of infections requires a multilayered approach rather than a single product. There is no sure-fire way of preventing ransomware. Instead, businesses should focus on how to maintain operations despite a ransomware attack. One way to do this is a solid, fast and reliable business continuity and disaster recovery solution. Businesses need a dedicated cybersecurity professional to ensure business continuity. Rhyme has the time and resources to anticipate and protect a company from the latest cybersecurity threats. 

For more information contact a Rhyme Managed IT Professional today at 800-362-4333 or email info@rhymebiz.com. Check back for upcoming Rhyme Technology Blogs on Essential Cybersecurity and Disaster Recovery Solutions.  

For more information on cybersecurity see: