Protecting Yourself from Ransomware Attacks – What You Need to Know

Ransomware attacks reached record levels in 2018. Airports, oil companies, shipping firms, and many other types of organizations across a wide range of industries continue to fall victim to cyber assault. Knowing how to protect yourself against a ransomware attack is vital – not just for major enterprises, but for businesses of all sizes.

What is Ransomware and How Does it Work?

Ransomware is a malicious software that works by encrypting your computer files, or locking access to them. During an attack, ransomware literally holds company systems and records hostage, while demanding payment in exchange for their release.

Ransomware attacks are the result of malware entering your computer system – usually by way of an email link or attachment, or when you unknowingly visit an infected website. You’ll know your system’s been compromised when key files become locked or encrypted, and a ransom note – or pay page – is displayed on the screen of the infected computer.

Here are a few statistics illustrating the recent effects of ransomware on global businesses:

  • A survey conducted by Sophos security software found that more than half of IT decision-makers polled across Canada, the US, and eight other countries had been hit by ransomware in 2017.
  • A study involving 200 security service providers revealed that small and medium-sized Canadian businesses paid some $5.7 million to attackers during the year ending mid-2017. Of the third that had opted to pay, 13% reported never recovering their data.
  • According to security specialist SentinelOne, 45% of US companies hit by ransomware attacks last year paid their hackers, but only 26% of those had their files unlocked. And the organizations that did pay were targeted and attacked again 73% of the time.
  • Cybersecurity Ventures – the world’s leading global cyber economy researcher – has estimated that costs associated with ransomware damage will hit $11.5 billion by 2019, with a business being attacked every 14 seconds.

One thing that most ransomware attacks have in common is the use of hard-to-trace payment requests demanding Bitcoin or prepaid gift cards as ransom. And although these amounts are relatively modest in many cases – a tactic designed to encourage compliance – the bigger costs associated with ransomware attacks include company downtime and data loss should your files go unrecovered.

How to Protect Against a Ransomware Attack

Cyber security professionals agree that the best defence against an unexpected disaster like a ransomware attack is to back up your data regularly, make use of security tools that help prevent ransomware, and train staff to recognize and avoid email phishing scams.

Although it can be difficult to prevent ransomware altogether, taking steps like the following to minimize your risk is essential:

  1. Ensure your antivirus protection is functional and up to date.
  2. Get in the habit of checking for and applying system security patches – especially for commonly exploited third-party software like Adobe, Flash, and Java.
  3. Consistently campaign to remind personnel about the dangers of clicking on unknown links and attachments.
  4. Back up data and systems regularly to local storage devices or cloud service providers – and remember to remove physical drives afterwards to prevent potential infections from spreading.
  5. Consider restricting user access to key endpoint devices like dedicated department computers, printers, and Point-of-Sale (POS) terminals.

Remember, rather than targeting specific victims, most ransomware attacks are opportunistic. That means they can happen inside any business sector, and can affect organizations of any size.

If your computer or network does become infected, many experts believe that paying to get your files back is generally a big mistake. Not only is there a good chance this won’t happen, paying off cybercriminals only helps to fund more widespread attacks. The more effective course of action is to invest those same resources into building up your ransomware defences.