In a typical ransomware situation, a virus will lock access to a computer or system. The user will then get a message demanding payment within a certain period of time or the information will be erased and destroyed. Viruses such as Cryptolocker, Cryptowall and TeslaCrypt have exploded in the past few years, capturing hard drives and demanding ransoms.
McAfee labs revealed in a recent report that there was a 26% increase in new ransomware events in Q4 2015. Security firm Malwarebytes also said two-fifths of businesses in the U.S., Canada, UK, and Germany have been hit in the past year by a ransomware attack. Their survey of 540 IT directors and CIOs found that 22% of American firms reported over 20 cyberattacks in the past year. Almost half of the ransomware attacks were initiated by employees clicking on something they shouldn’t have in emails, and 80% of the time, the targets were mid-level managers or higher. In more than half of the cases, attackers demanded more than $1,000 to decrypt the data and victims paid the ransom 40% of the time.
“Over the last four years, ransomware has evolved into one of the biggest cybersecurity threats in the world,” said Malwarebytes senior security researcher Nathan Scott.
Shlomo Kramer, security expert and CEO of Cato Networks, said at Security Week that while large attacks at companies typically dominate the headlines, it’s a growing problem for the middle-market. Often unable to penetrate high-value, high-security companies, many of these attackers are going for easier targets like small businesses, hospitals, schools and even ordinary computer users. Mid-market companies are good targets because they have enough assets worth paying a ransom for, yet they often have limited resources and weak cybersecurity.
“Mid-market enterprises tend not to generate big headlines as far as cyberattacks go, but that doesn’t mean there [aren’t] more than enough to go around,” said Kramer.
Ransomware attacks even have shut down a number of healthcare centers, including one in California that paid $17,000 to regain access to its patients records, according to Time.
While ransomware attacks can be devastating, there are some relatively simple steps organizations can take to significantly minimize their risks. Companies should keep their operating systems up to date, regularly renew their anti-virus software, back up their files on a daily or weekly basis and never download anything from an email address they don’t recognize. Cybersecurity experts say users also should be skeptical of emails with attachments that arrive unexpectedly and appear to be from trusted brands. And like many cybersecurity initiatives, employee awareness is one of the most effective ways to reduce risk.
“The base antivirus program should be paired with an in-depth cyberscurity awareness training program for all employees,” said Kramer.