"Local company pays ransom of $150,000 to stop hackers from exploiting their clients and deleting all files." This is the headline we'll never see, yet it happens all the time. Why do we not hear about it? Because the last thing a business wants is for the public to know it was hacked and for customers to lose confidence in the company. Here we walk you through the maze of ransomware and how your business can defend against these cybercriminals.
What is Ransomware?
For consumers, ransomware means those pop-up messages that say you've been hacked and to pay $29 for a 'PC cleaner' and all will be well. For a business, a ransom attack by a cybercriminal is another level entirely. In its simplest form, it is when a hacker from anywhere in the world gains access to your business computer systems, with the ability to access or delete all of your personnel, client, and corporate files. Then they let you know they have the access, prove it to you, and ask for a tidy sum in return, often in untraceable Bitcoin or wire transfers.
Additional Ransomware Definition Resources:
- Learn all about ransomware in this information page from security leader Malwarebytes, including how ransomware cybercriminals find you, the varying types of ransomware, and how to protect yourself from an attack.
- In Symantec's article, What is ransomware?, we learn that conventional ransomware is defined as the whole hard drive of a computer being encrypted, in effect shutting your business down until you buy the key from the cybercriminal.
- From ZDNet we gain a perspective on the history of ransomware and how to protect yourself and your business including a definition, how ransomware has evolved, and a sample ransomware message as seen below.
Ransomware, No Business is Protected
Would it surprise you to know that the PGA of America was impacted recently? The list goes on and on, and the scary thing is, how many businesses were attacked by cybercriminals and never reported it?
Here is just a sampling of the stories out there, which we hardly hear about, on ransomware attacks by cybercriminals and the tools they use to blackmail us into paying them thousands of dollars:
The True Costs of a Ransomware Attack on Business
While the full cost of a ransomware attack on a business is hard to measure, we do know cybercriminals stand to receive anywhere from a few thousand to hundreds of thousands in ransom payments per incident. Here are some ransomware stats that may surprise you, showing the extent to which ransomware is on the rise and the potential impact to your company in hard costs and reputation.
- Nearly 3 out of 4 companies infected with ransomware suffer two days or more without access to their files. (according to Acronis)
- The average cost of ransomware attacks is $133,000. (according to Sophos)
- Ransomware damage costs are predicted to hit $11.5B by 2019. (according to CSO Online)
- Only 26% of US companies that paid ransomware attackers had files unlocked. (according to TechRepublic)
- Danish transportation and logistics giant Maersk suffered $300M of business interruption losses due to a ransomware attack. (according to Acronis)
How to Protect Your Business from a Ransomware Attack
Prepare: Implement an awareness and training program. Because end users are targets, employees should be aware of the threat of ransomware and how it is delivered. Follow these 5 tips for improving cybersecurity at your business found here.
Confirm Multiple Points of Data Back-Up and Continuity: A proper back-up process that is routinely tested for restoration from multiple points, in the cloud and on-site, is crucial to overcoming a cybercriminal ransom attack.
Detect: Think strong antivirus software that is always updated, penetration testing on a routine basis, and a robust firewall policy. Review this article on phishing and how your employees might be duped into providing confidential information on your clients and business.
Disconnect and Contain: The best time to have cybersecurity insurance is BEFORE an attack. Weigh the pros and cons of cybersecurity insurance here and be sure to consult with your attorney and insurance advisers before proceeding.
A Practical Cyber Security Checklist
- Train employees on cyber-security threats
- Conduct a cyber-security readiness assessment (details)
- Discuss with your attorney how you might handle a ransomware attack
- Contact local law enforcement for their protocols for a ransomware attack
- Apply best practice multi-level password protocols
- Educate yourself at the Center for Internet Security