Ransomware continues to make the headlines, prompting valid fear amongst users who have been, or will be, affected by a cyber attack. Ransomware is a type of malware that encrypts a victim’s information and prevents or limits access to their data until a ransom is paid.
In order to successfully tackle the rising capabilities and number of attacks, it’s critical to understand the motive of cybercriminals. They’re aware of easy and effective ways to monetize their attacks and ensure payouts, including targeting victims who cannot afford to lose access to their data, ultimately forcing them to pay the ransom. Such businesses pay their way out of attacks, believing it is the easiest and cheapest way to get back to business.
The rise of ransomware is linked to several factors:
- The COVID-19 pandemic and the rapid adoption of remote and digital networks are ideal scenarios for cybercriminals to flourish.
- Cryptocurrencies continue to gain popularity and traction amongst a variety of user types, increasing digital access to funds and transactions that are exposed to attacks.
- Cybercriminals are exploring new approaches and continually becoming more sophisticated in their attacks.
- Many companies have paid the ransom, encouraging future attacks and inspiring new ones.
The surge of ransomware has been broad, including banking and financial services. The banking sector alone has seen a 1318% increase in ransomware attacks, and the total amount of ransom paid more than tripled in 2021. Media coverage of such attacks highlights major banks and retailers, but small businesses are even more vulnerable to these threats. Small businesses act as prey due to their lack of cyber defenses and the lack of firepower to respond effectively.
The many methods of ransomware
Learn the most common types of ransomware methods and see how cybercriminals use different techniques to launch attacks:
- Drive-by downloading: malware is downloaded and installed without the user's knowledge while the individual visits an infected website.
- Malicious email attachments.
- Advertised fake services, such as technical support scams.
- Silent infections from exploit kits.
- Using removable devices on public computers.
- Installing executable files from unauthorized websites, which have a high probability of being infected.
Ransomware protection for you and your business
Protect yourself and your business from ransomware. Start by following basic security and cyber hygiene practices and increase your defenses to help discourage opportunistic attacks. Research and invest in security specialists and take their advice seriously.
Recommendations from experts include:
- Keep tight control over access keys and passwords. Use strong passwords, preferably passphrases that are uncommon, and never reuse the same password across multiple sites.
- Enable 2FA (two-factor authentication) or multi-factor authentication, making it harder for cybercriminals to gain access to your accounts with a compromised password.
- Invest in good antivirus software for endpoint and server protection. Be sure to scan your computers regularly.
- Configure your firewall to prevent ransomware and close all unused ports on your server.
- Train your employees on best practices, such as only opening trusted attachments and guarding themselves against the various types of phishing attacks.
- Back up your business data on a regular basis and store it offline or in another location, so that you are able to recover if you are targeted without being forced to pay any ransom.
- Invest in cyber liability insurance to ensure you are covered in the event of your other precautions failing.
The fallout of ransomware reaches far beyond the cost of the ransom. The technical costs of recovery, data breach investigations, and legal costs alone can be detrimental. Beyond that, you may experience productivity loss, damage to your brand reputation, and an impact on your business profits.
Here’s more on how to protect your small business against cyber attacks.
About the Author:
Najma Sultana, Chief Security Officer: Ms Sultana established Veem’s IT & Cybersecurity practice and has led it since Dec 2020. She brings 25 years of technology and cybersecurity leadership experience in private and public sector organizations with a global footprint. She holds a Bachelor of Technology in Electronics & Communication Engineering.