I don’t normally watch horror movies, but there is a correlation between the movie “Saw” and ransomware, in particular a variant called JIGSAW. This is pretty scary stuff — the first thing you see is the creepy image of Billy the Puppet from the horror film “Saw” on your computer screen, then you find out that your data is no longer yours.
Ransomware is a type of malicious software, commonly called malware, that blocks access to a device or data until a ransom is paid. It’s delivered by the same means as other cybersecurity attacks — most commonly phishing emails with malicious Office documents or zipped files attached, compromised websites, and vulnerability exploits in the software that you use every day. It encrypts your files so that you cannot access them without the encryption key.
Ransomware has been the most prevalent cyber threat for the past 11 years and the infections have outnumbered data breaches. A report released in December 2016 states that ransomware attacks against businesses increased threefold in 2016.
It’s no joke. Ransomware is capable of crippling businesses who encounter it. The criminals behind these attacks are continually evolving their tactics to allow them to continue down this lucrative path. They are primarily holding the data ransom and do not appear to be stealing the data for their own use, but that trend could change.
Other research shows that ransomware had cost businesses $209M in the first half of 2016—a figure predicted to increase to $1 billion once year-end totals were in. Money is not all that’s at stake. Ransomware can cost a business its reputation, lost productivity, and sensitive data such as financial records including banking information, confidential customer information, or intellectual property.
IBM Security announced results from a study that found “70 percent of businesses infected with ransomware have paid ransom to regain access to business data and systems,” with half of those paying over $10,000 and 20 percent paying over $40,000. Those behind the attacks will more than likely move on and affect other individuals and businesses. By paying the ransom, those affected only encourage these criminals to continue on to the next victim. Remember, there is no honor among thieves and paying is not a guarantee. It may be tempting to just pay them and think that you can quickly move on from this, but you can still lose critical files even if the ransom is paid. Another issue is: Can you trust the data now that some unknown person(s) have accessed it? It’s a far better idea to protect your business so you are not a target for future malware infections.
So, before you decide to stop using computers, the Internet and technology totally, there are preventative steps that you can take to avoid being held for ransom. Having a comprehensive cybersecurity and response strategy will help you defend against these attacks — one that focuses on using business drivers to guide cybersecurity activities and incorporates cybersecurity risks as part of your overall risk management processes. You don’t have to start from scratch. You can continue to evolve and improve your current practices. Specific actions that are proven to work include:
In addition, the FBI provides a library of ransomware prevention and response information that is available to you for free.
Businesses affected by ransomware should refuse to pay the ransom and immediately contact the FBI or file a complaint with the FBI’s Internet Crime Complaint Center.
You may be able to recover your files. Law enforcement and IT security companies have joined forces to disrupt cybercriminal businesses with ransomware connections. The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cybersecurity companies – Kaspersky Lab and Intel Security – with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals. You can contribute to the project by submitting your encrypted files and information about the ransom demand you received and they will help you to find a way to decrypt your files. In addition, the website maintains a list of decryption tools that you can use if you are infected by one of the ransomware variants that they have decrypted.
It is much easier to avoid the threat than to fight against it once you have been affected. If you follow the prevention tips above, you can avoid a devastating blow to your business. Follow your incident response plan to clean up and recover your business quickly and efficiently.
Other things you can do are:
Finally, stay proactive and continuously improve your security program.