When they hear about ransom demands, most people imagine criminals kidnapping friends, family or co-workers in a highly charged robbery scenario. But what if the hostage in this situation isn’t a loved one, but your computer and data?
Ransomware is a kind of malware in which the cybercrook gains access to your computer or data and holds it hostage in exchange for money. It was first spotted in 2005, according to Trend Micro, and since then it “has graduated from being scareware that locks the screens of its victims to a sophisticated malware that locks down the most essential component of a victim’s system — its data.”
If this sounds like something only your grandmother could fall victim to after clicking a link in an obvious chain email scam, think again. According to Trend Micro’s research, “70 percent of incidents reported hit mostly small- and medium-sized businesses, followed by enterprise and the consumer segments.”
So someone other than sweet ol’ granny is falling for these socially engineered cyber booby traps.
In the early days of ransomware, malware proprietors would lock people out of their systems in exchange for money.
“We saw ransomware in the beginning that would take advantage of the whole system and just prevent you from accessing your own system and then asking you money in order for you to come back,” said David Sancho, a Trend Micro senior threat researcher, in an expert video.
But there’s been an evolution in ransomware, and now most of the cybercriminals have graduated to swiping the valuable data on the machine.
“They go after the data, they encrypt the data. They don’t care if you access the PC, but you won’t be able to access that data. Now you want that data? Is that valuable to you? Pay them,” said Sancho.
So what should small- and medium-sized businesses do to prevent their data from being held hostage?
Trend Micro has four specific recommendations:
Back up your files regularly: Apply the 3-2-1 rule, storing three backup copies of your data on two different media, with one of those copies in a separate location.
Access your favorite websites only via bookmarks: Attackers can easily slip malicious code into URLs, directing unwitting users to a malicious site where ransomware could be downloaded. Bookmarking frequently visited, trusted websites will prevent you from typing in the wrong address.
Verify email sources: It always pays to be extra careful before opening any link or email attachment. Verify with your contacts before clicking anything in an email.
Protect the endpoints: Implement a solution with advanced monitoring of incoming email and other traffic that employs real-time threat intelligence to identify and safeguard one’s network from malicious emails, compromised URLs and command-and-control hosts, and infected file attachments.
In the case of ransomware, the best defense is really good data backup.
“You have to treat ransomware like any other data corruption. Just as in any data corruption, you have to have a solid backup plan in place. If you don’t, then you’re subject to data loss,” said Sancho.