Welcome to the latest blog in our IT 101 series. Having previously introduced topics such as cloud computing, the importance of an IT Roadmap, the benefits of an IT consulting service, the role of a Virtual CIO and what you need to know about Software Licensing, here we turn our attention to that reviled and debilitating software that poses a real threat to your business: ransomware.
Ransomware is malicious code, or malware, used by cybercriminals to exploit system weaknesses and make money from individuals and businesses. This form of data kidnapping prevents or limits users from accessing their system or data, usually by locking the screen or the files themselves, until a ransom is paid.
Sometimes it’s anonymous. Sometimes the code is given a name. Some people or groups go as far as rationalising the attack and providing reasons for singling out a business, group or company, be they politically or socially motivated. The majority of attacks, however, are carried out for profit.
Paying the price
Victims are generally notified that the attack is taking place and given a list of demands, as well as specific instructions about how to regain access with a decryption key. The demand tends to involve a large sum in virtual currency such as bitcoin and a ticking clock, both of which help protect the criminal’s identity.
The problem is, even if you do exactly as you’re asked, there’s no guarantee the attacker will unlock the system. In fact, there have been cases of ransoms being paid, only for the victim to find the list of demands grows and the ransom amount increases.
There are numerous ways in which ransomware can access your system and take possession of your most valuable functionality or information. It can:
- Be downloaded onto systems when users unwittingly visit malicious or compromised websites
- Arrive as a payload that’s dropped or downloaded by other malware
- Find a way in through spam email or malicious email attachments that are opened when an individual does not follow the guidelines for protecting the business from malicious emails
- Piggyback on infected software apps or external storage devices, or
- Arrive through malvertisements that encourage users to click on seemingly legitimate ads
The list goes on, but you get the point.
Ransomware relies on users letting their guard down, making simple mistakes and giving the malware the split second it needs to take hold.
Once in, it spreads quickly and can change the victim’s login credentials, or encrypt files on the infected device as well as on any other connected network devices. It’s not hard to see how even one individual or one device not adhering to an organisation’s cyber security rules can put the entire business at risk.
How difficult is it to launch a ransomware attack?
Just as legitimate Software-as-a-Service (SaaS) kits can be bought, so too can Ransomware-as-a-Service (RaaS), which means people with little or no technical skill can buy cheap programs, target businesses and launch attacks with minimal spend and effort.
As a result, cyber-extortion is on the rise. Because it looks for chinks in the armour, the best way to protect yourself and your business is to back up devices regularly and to schedule software security and antivirus audits, updates and patches, so they never slide or present opportunities unnecessarily.
Businesses with good IT policies are better protected and at lower risk. There’s no foolproof way to ensure an attack is never launched, but if you’ve taken appropriate measures to protect data and employ robust strategies around authentication, access and storage, you’re far less likely to be targeted.
If you do suffer from a ransomware attack, it is also very important to have a business continuity plan in place to ensure your organisation can keep things ‘business as usual’ and avoid any delays in service provision.