Today a new type of malware is currently making the rounds that may be worse than anything we have ever dealt with before. It is called ransomware and it is a type of malware that not only hijacks your desktop, but also holds it ransom. Not only is ransomware scary for individuals who manage their lives almost entirely on laptops and smart phones, it is even more frightening for small- to mid-sized businesses that depend on the viability of their IT systems for their success.
What is Ransomware?
Ransomware is a type of malware that not only holds your vital data files hostage, but also seeks to extort money from you for their return. How does ransomware actually work? In a typical attack, the ransomware takes control of your desktop, displaying a pop-up that your computer is infected and you must purchase a software product to take care of the problem. In early versions of ransomware you could simply reinstall windows and the problem would go away. Today, however, ransomware developers have become increasingly sophisticated. The latest forms of ransomware will actually begin to encrypt your vital personal and business files, displaying a message that you will not receive the encryption key until you have paid a particular sum, often as much as $300. The ironic thing is that some of these programs actually treat extorting money as though it were an e-commerce shopping cart, happily guiding you through the checkout process by offering you a variety of payment options. Once they have extorted several hundred dollars from you they will give you the key to retrieve and restore your files, but can you really trust them to live up to their end of the deal?
What Ransomware Can Do to Your Business
While the effects of ransomware on individuals may be bad enough, a ransomware attack can cripple a small- to mid-sized business. Since 2014 the frequency and severity of ransomware attacks on small businesses have increased a great deal. Small and medium sized businesses are particularly vulnerable to cyber attack because they do not have the financial resources to invest in IT management and security services. Because they have limited staff resources, many small businesses are not always able to implement IT best practices. In the event of a ransomware attack, even if the company actually does pay the ransom and receives a retrieval key, there is no guarantee that the files will not be damaged. For this reason it is important for businesses to avoid ransomware and protect themselves from ransomware attacks.
The best way to avoid ransomware is to follow IT best practices including:
- Never download any suspicious files.
Ransomware may appear as an .exe file attached to an email. Do not open or run any of these suspicious files without scanning them first. This is especially true if do not know the sender and were not expecting anyone to send you any attached files.
- Keep your anti-virus program up to date.
As noted earlier, ransomware is a new type of malware. This means that, if your anti-virus is old, it might not be able to detect certain kinds of ransomware. For this reason, ensure that you have the latest version of anti-virus software protecting your system.
- Keep your browser and operating system updated.
Those who develop malware understand that older versions of web browsers and operating systems are sure to have certain security loop-holes that brand new malware, like ransomware, can penetrate. By keeping your system up to date, you effectively avoid this risk.
Protecting Your Business Against Ransomware Attacks
The best way to protect yourself and your business from a ransomware attack is to take the danger of losing access to your most important files away by taking backup and business continuity measures. This is done by moving important files to a location where they cannot be written over, encrypted or erased on either an external hard drive or a remote server. If you store your files on an internal hard drive the ransomware could conceivably gain write access to them, making your important files vulnerable to ransomware attack.
While this may sound like a lot of work, it is actually a standard part of most managed IT security packages. IT security services routinely back up your company’s files on remote servers, keeping them safe from threats like ransomware. Through a multi-step process, including risk assessment, backup and business continuity measures, email protection and 24 hour network monitoring, an IT security service will also keep your systems up to date, so you are always ready to avoid or deal with the latest cyber threats.