Ransomware is a growing threat and one that no business or individual can afford to ignore. According to Kaspersky Lab telemetry, the 62 crypto ransomware families discovered by the company’s researchers in the past year attacked more than 1.4 million people around the globe in 2016*.
Incredibly, 75% of ransomware comes from the Russian-speaking criminal underground. It is very organised. But attacks are largely indiscriminate, hitting organisations of all sizes. This very much reflects what we’ve seen amongst our own customer base. Ransomware is becoming a much bigger problem as attackers widen their sphere of activity. It’s very much a ‘shot-gun’ approach that the perpetrators are taking now. They are trying to hit as many businesses as possible.
One of the questions that is asked quite a lot now is, ‘should you pay?’ The answer probably depends on how well prepared you are for the possibility of being hit by a ransomware attack. The amount demanded by attackers is not normally so much that it would break a business. And it is usually small enough to make the victim wonder whether it is worth the time and hassle of getting their system restored from a backup. For an individual, that might take minutes; for a business of any size, it could take hours or even a day or two. It may be time that you can’t afford to lose.
But business people should be under no illusion – in addition to performance issues and downtime, a ransomware attack will cost you in hard cash terms. This realisation has been a real wake-up call for many business owners and non-technical users over the last few months. They are now starting to take it seriously.
If you are hit by a ransomware attack and do decide to pay, it’s worth making sure that the assailant can in fact undo the encryption. They will often unlock a couple of files to demonstrate that they can. If you then have trouble using the decryption key they send over once the ransom has been paid, they will put you onto their helpdesk or ‘customer services’ team! That’s how organised they are now.
It is, of course, much better to take preventative measures that will stop you falling foul of a ransomware attack in the first place. Putting a unified threat management (UTM) device onto your gateways, and making sure they are kept fully licensed and up to date, is vital.
Equally, staff need to be made aware of the danger and how they could open up your systems to a ransomware attack by carelessly clicking on emails or attachments from unknown addresses – or even from addresses that look legitimate. Good email security, anti-spam and content filtering are important, but being aware of the threat potential is perhaps the biggest defence of all.