Ransomware continues to be a highly profitable industry, earning criminals over a billion dollars last year...even before the very malicious WannaCry made news worldwide. Organizations big and small have been impacted, as well as individual people. 2016 also showed more than a 750% increase in the number of ransomware variations.
What caused the explosion in ransomware attacks and paid ransoms to grow at such a staggering rate? In short, new capabilities.
Instead of impacting only individual computers, ransomware variations can now spread across your entire network from just one single infected user. Because they can lock up databases and archives that aren’t stored on individual computers, these network-level infections are even more malicious. Part of the WannaCry strategy for offering low cost ($300) ransoms was based on how the ransomware spread throughout networks, enabling the criminals to charge on a per-system basis.
Some are profiting by selling "ransomware-as-a-service" to other cybercriminals so anyone can create an attack. One group selling packages for delivering the notorious Cerber ransomware earned over $200K in one month without even performing their own cyberattack. This creates even more risk for businesses as the criminals buying ransomware-as-a-service may have fewer scruples and not return your file access even after you pay the ransom
Taking basic cybersecurity precautions is becoming more critical every day. Create multiple backups of your data, including one that is separated completely from your network. Always update applications and operating systems with the latest patches. Use up-do-date security and antivirus software. Limit access to business-critical data to only those that truly need it.
As always, the human component is your strongest line of defense but is most often the weakest. Business leaders need to understand that cybersecurity should be part of every business plan. Employees need education about risks and how to develop and maintain habits to combat social engineering. Just being aware of risks isn't enough - cybersecurity needs to be in the forefront of every employee's mind.
Automated Information Technology Company (AITC) specializes in protecting small businesses from cybersecurity threats. Our services can protect you before threats happen, or remove them after the fact. We partner with TrendMicro, a top security software company that has prevented over 100 million ransomware threats.