Ransomware is one of the fastest growing areas of cybercrime. The intended target is often small and medium-sized businesses, because they have fewer resources compared with larger organizations. Historically, the root word ransom refers to a criminal demanding a payment in exchange for releasing someone or something that has been taken.
Ransomware is defined as malware, or malicious software, designed to take control of a computer system. The attacker kidnaps or encrypts the victim’s data and demands payment in exchange for a key that decrypts the data or makes it visible again. Typically, ransomware spreads through email attachments, infected software programs and compromised websites.
On March 31, 2016, the U.S. Department of Homeland Security (DHS) and the Canadian Cyber Incident Response Centre (CCIRC) issued a statement to address the growing number of ransomware cases.
It is difficult to know the exact number of ransomware incidents because victim organizations often don’t report a breach. According to a 2015 article in the Wall Street Journal, “about 30% of ransomware victims pay to regain their data, estimates Tom Kellermann, chief cyber security officer for Trend Micro Inc.”
In one case, a small Houston company, Advantage Benefits Solutions, experienced a ransomware attack on a single computer. This quickly spread to the server and backup system. A ransom note appeared on the infected computer’s screen saying:
“Pay $400 within 72 hours to unlock the data.”
The company initially decided to not pay and wanted to regain access to their files. The small business was advised by their IT provider to pay the $400 because the alternative was to spend ‘thousands of hours’ to break the encryption code.
In a higher-profile case in February 2016, a Los Angeles hospital paid $17,000 after it was hit by a ransomware attack, as reported in the Guardian newspaper. According to the president and CEO of Hollywood Presbyterian Medical Center, the hospital lost all access to its computer systems. The quickest way to restore their systems and administrative functions, including access to patient files, was to pay the ransom.
I was recently interviewed by Global News about the risk of ransomware to governments. Governments and larger organizations with more resources and IT expertise have options such as the capability to break encryption. They are usually better equipped, with frequent and reliable backups that allow the company to roll back to an earlier backup of files, prior to the hacking incident. Smaller organizations mistakenly assume they will not be targeted. Hackers know smaller organizations are more vulnerable and more likely to pay.
Marc Goodman, in his book Future Crimes, offers 5 best practices that organizations – large and small – can follow to protect against ransomware.
1. Back up your information frequently.
You can back up your data to an external hard drive or use a cloud provider service. Both options are recommended. If your physical location experiences a natural disaster, fire or theft, it is ideal to have a physical device backup stored at a different location. Use the built-in backup tools that come with your operating system to do backups. If using a cloud backup service, encrypt data before uploading for an added layer of protection.
2. Perform regular software and security updates
All software comes with bugs and vulnerabilities. The vendors who create software issue software and security updates for your operating systems, computer programs and apps. Some of the more common applications used by criminals are browsers, plug-ins, media players, Flash and Adobe Acrobat. Keep automatic updates turned on for computers and mobile devices to minimize the risk of a breach.
3. Use good judgment with email and web browsing
Banking or shopping online should only be done from a computer or device that is on a network that you trust. Never use a public computer or an Internet café with free Wi-Fi for sensitive website browsing.
Be careful about clicking on a link or opening an attachment, even if it looks like it came from someone you know. Get into the habit of reviewing email message headers to spot fake emails. Criminals use generic names like “First Generic Bank Customer” to avoid the time it takes to send customized emails. Also, the sender may look authentic, with the same font, color and logo of a company you recognize. However, upon closer inspection, you may notice, for example, www.ciitibank (with two i’s, which is fake) instead of www.citibank.com. You may observe that bankofamerica.accountupdates is fake (accountupdates.com is the real website, operated by criminals). When in doubt, do not click on a suspicious message.
4. Use complex passwords
Passwords should be long and contain a mix of upper case, lower case and symbols. Each site or account should have a different password. According to Instant Checkmate, nearly three out of four people use the same password for more than one site, while more than three out of five smartphone users do not use a passcode to protect their device. One third of people use the same password for every website, often a weak password like ‘12345.’
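As an added illustration of the two address tricks described above (not code from the original article), the Python sketch below compares a link's host against an allow-list of trusted domains. The `TRUSTED` list, the function names and the sample hosts are assumptions made for this example, and the registrable-domain logic is deliberately naive.

```python
from urllib.parse import urlsplit

# Assumption: the domains your organization really does business with.
TRUSTED = {"citibank.com", "bankofamerica.com"}

def registrable(host):
    # Naive: keep the last two labels. Production code should consult the
    # Public Suffix List so suffixes such as co.uk are handled correctly.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    # Accept both full URLs and bare host names.
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    sub_labels = host.rstrip(".").split(".")[:-2]
    for good in sorted(TRUSTED):
        brand = good.split(".")[0]
        # A trusted brand used as a subdomain of somebody else's domain.
        if brand in sub_labels:
            return f"brand-in-subdomain: site is really {domain}, not {good}"
        # One or two character edits away from a trusted domain.
        if 0 < edit_distance(domain, good) <= 2:
            return f"lookalike of {good}"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links modelled on the examples in the text.
    for link in ("https://www.citibank.com/login",
                 "www.ciitibank.com",
                 "http://bankofamerica.accountupdates.com/verify"):
        print(f"{link:50} -> {classify(link)}")
```

The part of the host that decides who operates a site is the registrable domain at the right-hand end, which is why a familiar brand name appearing further to the left proves nothing.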
5. Get a password manager
A password manager remembers the dozens or hundreds of passwords you use, so you don’t have to. In recent years, they have added features that enhance security and further protect customers. The most popular password managers are 1Password, Dashlane, LastPass, RoboForm, Sticky Password and LogMeOnce, which charge a monthly or annual subscription fee.
What is the best way you can protect yourself? Perhaps the best decision is to use a password manager regularly. Password management software works across platforms on any computer and any device.