For the most part, we have all heard of Ransomware. Some may know more about it than others, but essentially it occurs when a Cyberattacker deploys a piece of malware on your computer and locks it up. This means that not only can you not access your files, but you cannot even log in to your computer either.
This is truly a scary situation, especially when it happens to a business and a large number of employees are affected and cannot access the information and data that they need in order to conduct their daily job tasks. Productivity is lost, and the bottom line of the company takes a hit. In order for you to unlock your computers and files, the Cyberattackers want a ransom to be paid in a virtual currency, such as Bitcoin.
Once they get this, then in theory, you should get a decryption algorithm in order to unlock your computer and related files. There are many other issues related to this, which we will address towards the end of this blog.
But first, a recent study called the “Q2 Cyberthreat Index for Business Survey,” conducted by a Cybersecurity firm known as AppRiver, found that 55% of the Small to Medium Sized Businesses (SMBs) that were polled would pay the required ransom.
The study included 1,035 SMBs, and when the employee size dropped down to 150-250 employees, 74% of the respondents said that they would pay the ransom, and 39% said that they would pay it no matter how big their business is. It should be noted at this point that this sampling of SMBs was taken across an entire gamut of industries that included the following:
Those businesses in the first five industries were most likely to pay the ransom, and those organizations in the last three industries were the least likely to pay up. For example, more than 70% of those organizations would not pay the ransom, no matter how much information/data was actually stolen.
Some explanations were offered for this insight. For instance, those SMBs in the first three industries supposedly have the resources to pay the ransom and have the most to lose if they do not, in terms of reputation and customer loyalty.
But those organizations in the last three in the above list are less likely to pay because it would be illegal for any law-related firm to comply with the demands of a Cyberattacker, and non-profits simply do not have the money to pay a ransom. Even more interesting is that this study was conducted across a majority of the big cities in the United States. In this regard, those SMBs that are based in Boston and NYC were more likely to pay up than those SMBs located in Los Angeles or Washington, DC. All of this can be seen in the diagram below:
My thoughts on this?
Well, first and foremost, the results of this study demonstrate that Ransomware is still very much a dominant Cyberthreat that lurks out there. Although the traditional attack vehicles for deploying the malware remain the same, there are many new variants of it coming out, which makes it that much more difficult to track down. So, in other words, Ransomware will be with us for a long time, just like Phishing has been.
But although anybody and any business entity can become a victim, here are some key takeaways that you have to act upon:
*As the Cybersecurity industry always preaches, keep your computers, workstations, servers, and wireless devices updated with the latest patches and updates (yes, Windows 10 can make this process an excruciating one, but there is not too much of a choice here).
*Always, always keep a backup of everything that you do or save on your computer. For an individual, this may simply involve using a thumb drive, but for SMBs, this means keeping a backup both on site and off site. In this regard, it is highly recommended that you use the Cloud to back up your mission critical information and data. The reason for this is that you can restore all of it in just a matter of a few minutes or a few hours (depending on how much of it you have) with just a few clicks of the mouse. Another advantage is that no matter in which geographic location you plan to restart your operations, you will always have access to the Cloud, provided that you have at least a good Internet connection.
*Never, ever pay ransom to the Cyberattacker. There are some reasons for this. First, even if you pay by Bitcoin, there is no guarantee whatsoever that the Cyberattacker will give you the decryption algorithms. For the most part, they will literally take the money and run, thus making you lose out twice. I have heard of only one Cyberattacker group that gave this after they hit their intended victims. Second, by paying them, you are only feeding their appetite to launch more devastating Ransomware attacks demanding even more money. After all, their mentality is, if they can hit successfully the first time and get some bounty out of it, why not do it over and over again for more? Third, if you have everything backed up, there is no need to pay the Cyberattacker. Although this might be a pain and inconvenient at the same time, all you have to do is acquire new computers, etc., and load up the data again. Once this has been done, you can simply discard the computer that has been hit, or better yet, you can turn it over to your local FBI office so that they can conduct a Forensics Investigation on it. Also keep in mind that the price of computer hardware has come down drastically, so acquiring new components should not be too much of an issue.
Finally, as mentioned before, anybody can fall victim for the first time to a Ransomware attack. The key takeaway here is how to prevent becoming a victim the second time around.