The number of ransomware attacks is increasing at an alarming rate, making ransomware the biggest cyber threat that businesses are facing today. To see this disturbing trend, you only have to turn back the clock to the beginning of 2016. There was a 30 percent increase in the number of ransomware attacks in the first quarter of 2016 compared to the fourth quarter of 2015, according to Kaspersky Lab's "IT Threat Evolution in Q1 2016" report.
The situation is getting so serious that the United States and Canada issued a joint cyber alert about the dangers and prevalence of ransomware attacks. The alert recommends that businesses take preventive measures to protect their computers from ransomware infections.
So, what should you do to protect your business? First, you need to learn what ransomware is and how it is spread. Armed with this knowledge, you can take measures to secure the points at which ransomware might enter your business. You also need to prepare for the worst-case scenario — a ransomware infection occurring, despite your best efforts to prevent it.
What Ransomware Is and How It Is Spread
Ransomware is a type of malware that cybercriminals use to extort money from businesses and individuals. It usually encrypts files, but it also might lock computer systems. The cybercriminals then demand a ransom for the private key needed to decrypt the data.
Cybercriminals use a variety of techniques to spread ransomware. One common way is to use phishing or spear phishing emails that try to trick the recipients into clicking links or opening attached files. If they fall for the ruse, their computers will likely become infected with ransomware.
The Locky ransomware attack in February 2016 is a good example of this distribution technique. Cybercriminals sent out phishing emails that included an attached Microsoft Word document, which contained a malicious macro. Recipients who opened the attachment and enabled the macro had their computers infected with the Locky ransomware.
Another common way that cybercriminals spread ransomware is through drive-by downloading. Cybercriminals either build a malicious website or post a malicious advertisement (aka malvertising) on a legitimate one. When users visit one of these websites, code is installed on their computers without their knowledge. The code usually redirects the users' browsers to a server where an exploit kit tries to find a known vulnerability. If one is found, it is used to install malware. In April 2016, cybercriminals delivered the Locky ransomware this way. They took advantage of a vulnerability in Adobe Flash Player to install Locky on users' computers.
Cybercriminals do not just stick with their old tricks for delivering ransomware. They also come up with new ones. For example, in a series of attacks during March and April 2016, hackers exploited a known vulnerability in servers running Red Hat's JBoss software to install backdoors, which they then used to deliver ransomware.
How to Protect Your Business from Ransomware
When it comes to ransomware, you need to do all that you can to prevent the infection. Consider taking these preventative measures:
- Use anti-malware software. It helps detect and block known ransomware and other kinds of malware.
- Update operating system software and applications regularly. Cybercriminals like to target programs with known vulnerabilities. Patching these vulnerabilities reduces the number of exploitable entry points.
- Keep email filtering tools up to date. These tools use various filters to help weed out phishing emails and spam. Most email programs include filtering tools, but you can also purchase advanced filtering solutions.
- Teach employees how to spot phishing and spear phishing emails. Be sure to discuss how dangerous it is to click links and open attachments in emails, especially if they are from unknown senders.
- Make sure that Word macros are disabled on any computer running that application. A ransomware attack can be initiated by malicious commands hidden inside a Word macro.
- Educate employees about the importance of avoiding any websites marked as potential security threats by their web browsers or anti-malware software. Those websites might contain malvertising or other malicious code.
Cybercriminals are constantly devising ransomware variants and new ways to spread them, so you need to prepare for the possibility of an infection. Specifically, you should regularly back up your files as well as test those backups. If you know you can recover your files from backups, you will not have to give in to cybercriminals' ransom demands should your business fall victim to a ransomware attack.
Waiting to Act Could Be a Costly Mistake
Now is the time to take action to prevent ransomware infections if you have not yet started. Waiting could be a costly mistake. Besides the expenses incurred from having to restore your systems and files, there will be lost income due to the disruption of your business operations.
Your IT service provider can help you take the necessary actions to protect your business from ransomware. It can also help you set up effective backup and restore operations.