Since the 1980s, ransomware – an attack method in which malicious software locks down a user’s PC and files until they pay a set amount to the attacker – has been a constant in the digital realm. But until recently, the nature of the Internet meant that these attacks primarily targeted individuals. Criminals lacked an effective means of assaulting larger enterprises.
This is no longer the case.
On some level, you’re probably cognizant of this fact. After all, the healthcare industry has seen a massive surge in ransomware over the past few years, with one extorted hospital being forced to pay out $17,000. There are several core factors that have contributed to this unprecedented growth:
- The increasing popularity of Bitcoin, an anonymous digital currency. Bitcoin is now the preferred payment method in ransomware attacks, as it allows individuals to send and receive money from anywhere in the world.
- Innovations and advances in malicious applications, and the readily available nature of most modern ransomware.
- Enterprises that lag behind in installing security patches and updates, or fail to properly educate their employees about digital risk.
That’s right – it’s not just hospitals or consumers that are at risk from ransomware anymore. Any business in any industry could be a victim. Often, all it takes is a single negligent user to send things spiralling out of control and lead to an entire network being infected.
And if you think that’s something that can’t happen to you, you simply haven’t been paying attention.
“According to the U.S. Department of Justice, ransomware attacks have quadrupled this year from a year ago, averaging 4,000 a day,” writes Robert McMillan of The Wall Street Journal. “One university chief security officer said he purchased two bitcoin ‘mining’ machines, which generate bitcoin on their own by performing the complex calculations that allow the bitcoin financial network to operate. Since January, he has been using these systems to stockpile bitcoin, just in case he needs to quickly recover a critical computer.”
In short, ransomware is a threat for everyone – not just end users. You need to protect your business from it. Luckily, as with any other form of malware attack, there are a number of measures you can take:
- Educate your users. If your users are taught to recognize a sketchy email or a phishing scam, it will significantly reduce the risk that a workplace device winds up being compromised.
- Keep your software up to date. This should go without saying, but you cannot afford to lag behind on installing security patches. Update the moment new software is available – because every moment you wait is another in which an attacker can target your business.
- Create frequent backups. Keep those backups separate from your core systems.
- Be proactive about system security. Use monitoring solutions to check for suspicious file activity, and take measures to ensure employees aren’t connecting unauthorized devices to your network.
- Purchase bitcoin mining machines. If all else fails, it couldn’t hurt to follow the lead of the university chief security officer in the WSJ article and purchase some bitcoin mining tools – that way, you’ll be prepared in the event that you need to get a critical system back online fast.
Once solely a consumer problem, ransomware has evolved beyond its humble roots into a legitimate enterprise threat. You need to be aware of its existence – and prepared to deal with it. Otherwise, you’ve only yourself to blame when your systems end up being locked down by a criminal.