If it hasn’t already been dubbed “The Year of Ransomware,” 2016 is well on its way to earning that title. Even though ransomware has been around since 1989 (starting with the AIDS Trojan), we’ve seen a spike in the number of incidents over the past couple of years that has left us wondering:
Why ransomware? Why now?
While there are several factors contributing to the increase in ransomware activity, the driving force is more than likely the fact that ransomware is fast money – a short-term ROI. With ransomware, cybercriminals don’t have to worry about handling personal information and/or trying to sell that information on the black market. Stolen information is a secondary benefit, available once they’ve infected a machine. If they so choose, cybercriminals could easily walk away with just the ransom and no additional information. After all, according to a recent study, 40% of companies are willing to pay the ransom to decrypt their files and/or regain access to their machines (e.g. workstations). [1]
The introduction of crypto-currency (such as Bitcoin) has been cited as a key catalyst of this growing epidemic. While traceable, crypto-currency is an easy, verifiable way for cybercriminals to get paid. Another contributing factor may simply be the fact that the size of the cyber landscape itself is significantly larger than it was in 1989 (when the AIDS Trojan was released). To put it into perspective, over the course of a decade, the number of Internet users has increased by over 825%. [2] That percentage excludes the number of devices (estimated at an average of 3 per person). [3] In other words, the pool of targets has expanded and, therefore, more opportunities abound for cybercrime.
What can I do?
First, it’s important to understand how ransomware spreads. The most common way it’s delivered is via phishing emails, followed by drive-by downloads, and then social media (e.g., a malicious link on Facebook). We’ve also seen instances of ransomware in malvertising campaigns. Cybercriminals are finding any and every opportunity to finagle their way into your network.
Since delivery varies, there’s no single technique by which to stop ransomware in its entirety. Rather, it’s a collective effort between you, your employees, your vendors, and your cybersecurity solution.
In its simplest form, ransomware protection involves going back to cybersecurity basics:
Back up your data. At the very least, backing up your data will delay the impact after a ransomware attack. One of the costliest parts of cybercrime is its effect on business operations. Simply put, downtime is money lost.
Keep your systems up-to-date. This may seem like an obvious step, but it’s too often neglected, much like backing up data. The rate of threat generation (including ransomware) is uncanny and kind of scary. Keeping your systems updated ensures you have the latest protection in a threat landscape that’s constantly evolving.
Educate your employees. Oftentimes, humans are pointed out as the weakest link in a cybersecurity chain. The reality is that they’re also your best defense. Ideally, ransomware is stopped before your employees even encounter it, which is why keeping your systems up-to-date is so important. However, in the event it does reach your employees, you want to be sure they don’t blindly accept enabling macros in a Word document, for example. Ultimately, educating your employees strengthens your security posture, as they become both your first and last line of defense.
Like crime in the physical world, cybercrime isn’t going anywhere anytime soon. It’s a real threat with real repercussions.
What do you think is the driving force behind the increased ransomware activity? What other steps can companies take to stop ransomware? Let us know in the comments section below.