If you’ve been reading technology news lately, you’ve probably seen some sensational headlines about one of the recent ransomware attacks. What does it really mean for the average small or mid-size business?
Ransomware is malware that locks your files away and charges you money to get them back. It is generally transmitted via email attachment or web links.
An example of an email with a ransomware file attached.
Unfortunately, ransomware is bad news for businesses. The number of corporate users hit by ransomware rose sixfold to 158,000 in the last year. The ransom demanded has increased from a few hundred dollars in 2014 to upwards of $5,000 in 2016 – and many companies are paying up to get their files back.
Even if you have been backing up your files, failing to pay after a ransomware infection could cost you your most recent data. This is because the software slowly encrypts your data over days or weeks, so by the time it requests payment, up to one month’s worth of data backups may be full of encrypted data that can’t be restored without paying the ransom.
If you don’t have data backups at all, either you pay the ransom or you lose all of your data on any computers that have been infected. This kind of data loss is catastrophic for many companies, which is why companies will often pay the ransom even with no guarantee the criminals will restore the data, and even though paying encourages the criminals to target companies for further ransom.
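Because slow encryption can contaminate weeks of backups, it helps to know which backup is the last clean one before restoring. The following is an added example, not part of the original article: a heuristic that walks backup snapshots from newest to oldest and flags files whose content no longer matches their extension. The in-memory snapshot layout, the entropy threshold and all sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Expected leading bytes for common document types (well-known file signatures).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
TEXT_EXT = {".txt", ".csv"}
ENTROPY_LIMIT = 7.0  # bits/byte; assumed threshold, plain text is usually far lower

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for encrypted or random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name: str, data: bytes) -> bool:
    """Flag a file whose content no longer matches what its extension promises."""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    if ext in MAGIC:
        return not data.startswith(MAGIC[ext])
    if ext in TEXT_EXT:
        return shannon_entropy(data) > ENTROPY_LIMIT
    return False  # unknown type: no basis for a verdict

def last_clean_snapshot(snapshots: dict, max_bad_ratio: float = 0.0):
    """snapshots maps an ISO date to {filename: bytes}. Returns the newest
    date whose share of suspicious files is <= max_bad_ratio, or None."""
    for date in sorted(snapshots, reverse=True):
        files = snapshots[date]
        bad = sum(looks_encrypted(n, d) for n, d in files.items())
        if files and bad / len(files) <= max_bad_ratio:
            return date
    return None

def fake_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted content: a SHA-256 byte stream."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest()
                    for i in range(size // 32))

# Constructed sample: three nightly backups, files encrypted a few at a time.
CLEAN = {"invoice.pdf": b"%PDF-1.4 sample " * 50,
         "ledger.csv": b"date,amount\n2016-05-01,120.00\n" * 40,
         "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 200}
SNAPSHOTS = {"2016-05-01": dict(CLEAN),
             "2016-05-02": {**CLEAN, "ledger.csv": fake_ciphertext(b"a")},
             "2016-05-03": {n: fake_ciphertext(n.encode()) for n in CLEAN}}
print("Restore from:", last_clean_snapshot(SNAPSHOTS))
```

A check like this only covers files that keep their original extension; a sudden wave of renamed or unknown extensions in a snapshot is itself a signal worth alerting on.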
Locky, one of the most common ransomware applications.
Needless to say, the best approach to dealing with ransomware is to prevent it from entering your network at all. Here are some tips to avoid being compromised:
Install antivirus software on all of your machines, and automate updates so you’re protected from the most recent viruses, malware, and ransomware.
Ensure that your firewall is configured correctly and kept up-to-date.
Educate your employees on malware, and discourage them from opening suspicious links. Make sure to show them examples of suspicious emails, and provide them with a resource to call or email if they are unsure whether an email is legitimate or not.
Request that employees not check personal email on work computers – and if they do check personal email, do not allow them to open attachments, where ransomware often lurks.
If users do not regularly use macros, such as those in Excel or Word, disable them, as these types of attachments can also contain malware and ransomware.