skip to Main Content
Tips to Protect Your Business From Ransomware

Over the last few years we’ve observed the steady rise of ransomware with some trepidation. It is fast becoming a multi-million dollar business, and it’s getting surprisingly sophisticated. The ransomware industry is continually innovating, offering cybercriminals new technology, various business models, and all the support they need to conduct successful attacks on unsuspecting individuals and companies.

Changing face of ransomware

Ransomware has come full circle since it first appeared on the scene in 2005. Early crypto ransomware soon gave way to misleading apps, fake antivirus tools, and lockers. But it’s back now, it’s mature, and it’s here to stay, according to Symantec’s Evolution of Ransomware report.

In the early days of ransomware, attackers would use misleading apps and fake AV tools to alarm victims and then ask for fees to fix the fake problems. Or they might flash up bogus FBI warnings, threatening prosecution unless money was paid. Eventually they began to lock down systems, blocking access to specific apps or the whole system until the ransom was met.

The main threat today is crypto ransomware, where files are securely encrypted and victims have to pay to secure the key and unlock their own files, and it’s very tough to beat.

“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in Boston talking to The Security Locker.  “To be honest, we often advise people just to pay the ransom.”

Cost of ransomware

There are lots of different ransomware packages out there. Just looking at one of the most popular examples, CryptoWall, the FBI’s Internet Crime Complaint Center (IC3) received 992 related complaints between April 2014 and June 2015, with victims reporting losses of more than $18 million. That’s just what was reported.

The Cyber Threat Alliance put together a report profiling the CryptoWall v3 threat and suggested that it had afflicted hundreds of thousands of users worldwide and caused damages in the region to the tune of $325 million.

Services for cybercriminals

In McAfee Labs 2016 Threats Predictions report ransomware features prominently, and the report makes special mention of the success of the ransomware-as-a-service business model. Experienced cybercriminals are offering high quality ransomware to would-be attackers with little or no technical knowledge or skills in return for a cut of the extortion profits. The ransomware is typically hosted on the Tor network and payment is made almost untraceable with virtual currencies like Bitcoin.

Users of these ransomware services can expect to get helpdesk support, and it’s in the interests of the extorters to ensure that data is returned to those who pay. The service providers will skim anywhere from 5 percent to 20 percent of each ransom, so they aim to make it as easy as possible for the cybercriminals who sign up.

What can you do?

Just like any other malware, you have to install ransomware before it can encrypt your files, so there are some simple precautionary steps that everyone can take to drastically reduce the risks:

  • Make sure you have updated AV software running.
  • Don’t open attachments in emails, unless you know what it is.
  • Don’t follow links in emails, close the email and go directly to the website in your browser.
  • Use strong passwords, and don’t reuse the same passwords.
  • Make sure all of your system software and browsers are patched automatically with security updates.
  • You should apply all of these rules to whatever device you’re using. Smartphones, tablets, and Macs are not immune to ransomware.

You can also mitigate the risk of ransomware by having a robust and regular backup routine. If your files are backed up and you can access them, there’s no need to pay to unlock them, but it may still require some serious effort to rid yourself of the ransomware once your system is infected.

Ransomware is sure to be an even bigger issue in 2017, so it’s very important that you take steps to prevent infection. If you do fall prey to something like CryptoWall v3, there’s no way around it. Your only realistic prospect of getting the files back is to pay the ransom.

When it comes to ransomware the old saying, “an ounce of prevention is worth a pound of cure,” could not be more fitting.

Michelle DroletMichelle Drolet

Michelle Drolet

Michelle Drolet is founder of Towerwall, a woman-owned cybersecurity and cannabis compliance services provider in Framingham, Mass., with clients such as CannaCare, Smith & Wesson, Covenant Healthcare and many mid-size organizations. She can be reached at [email protected].

 

 

This Post Has One Comment

Leave a Reply

Your email address will not be published.

Recent Stories

State considers social equity licenses for people impacted by ‘war on drugs’ to get cannabis shop licenses

SEATTLE – The Washington State Liquor Cannabis Board is considering a point system that would give people convicted of a drug-related crime and did prison time – preferential treatment when applying for retail cannabis license. If adopted, the City of Seattle will adopt the same rules and set aside $1 million dollars in grant money…

Majority of RI cities and towns will vote on recreational marijuana sales

Thirty-one of Rhode Island’s 39 cities and towns will ask voters whether to allow the sale of recreational marijuana within their borders, the secretary of state’s office said Thursday. In May, Rhode Island became the 19th state to legalize adult-use recreational marijuana, with sales starting Dec. 1. The state plans to license 24 new retail shops…

Arkansas Supreme Court issues provisional order placing recreational marijuana amendment back on ballot

Conditional certification stipulated The Arkansas Supreme Court on Wednesday granted a petition to allow a proposed constitutional amendment that would legalize recreational marijuana back on the November ballot until it decides how to proceed with the Arkansas Board of Election Commissioners’ decision to not approve its ballot title. The Arkansas Supreme Court stated in court…

Sweeping cannabis bill becomes law, after yearslong effort on reforms

Vetoes study on medical marijuana in schools Governor Charlie Baker on Thursday signed into law a package of significant reforms to the state’s multibillion-dollar marijuana industry, capping a yearslong campaign by advocates, entrepreneurs, and regulators to rewrite the rules of cannabis commerce in Massachusetts. While officials said key aspects of the bill could take a…

More Categories

Back To Top
×Close search
Search