What’s New?

Ransomware is old news – it has been around at least since 1989 – but it has only now started to attract widespread attention. Ransomware is a type of malicious software (or malware, for short) that blocks access to the infected device, to some or all of the information stored on the device, or even worse, to files on the device’s network. To unlock either the device or the data, the responsible cybercriminals require the victim to pay a ransom. Ransomware is typically enabled when a victim clicks on malicious links in an email or online.

Internet security software company Kaspersky Lab recently released a report on the rise of ransomware between 2014 and 2016. The findings are troubling; some of them are as follows:

  • The total number of users who encountered ransomware between April 2015 and March 2016 rose by 17.7% compared to the previous 12 months (April 2014 to March 2015) – from 1,967,784 to 2,315,931 users worldwide;
  • The proportion of users who encountered ransomware at least once out of the total number of users who encountered malware rose 0.7 percentage points, from 3.63% in 2014-2015 to 4.34% in 2015-2016;
  • The number of users attacked with mobile ransomware grew almost 4 times: from 35,413 users in 2014-2015 to 136,532 users in 2015-2016.

What You Need to Know

There are generally two types of ransomware: blockers and encryption ransomware. Blockers block the victim’s computer desktop and windows, and usually display a message requesting the victim to send money to unlock the infected computer. Encryption ransomware, on the other hand, encrypts the victim’s files, which are impossible to decrypt without a special key that is usually held by the cybercriminals. Blockers are reversible in that the victim could reinstall their computer’s operating system to get their files back, while encryption ransomware can only be reversed if you have the decryption key.

While the responsible cybercriminals are generally the “bad guys” in these cases, organizations should note that they may not be fully off the hook when it comes to these ransomware attacks. In the United States, the FTC requires organizations to implement reasonable security measures to protect the personal data they hold. Moreover, organizations could violate security laws that require them to implement security measures depending on the type of data they hold; for example, HIPAA’s Security Rule has specific security requirements for personal health information.

Practical Tips

Organizations should heed the following tips to prevent (or at least minimize the threat of) ransomware:

  • Educate or Train Your Workforce on Data Security. Because ransomware infection often results from a lack of knowledge about common cyberthreats and the methods cybercriminals use to lure their victims, cybersecurity training is more important than ever. Teach your team not to fall for these traps and to reach out to IT/Security if they are unsure about a specific e-mail, file, or link. (Kaspersky Lab found that 43% of surveyed consumers did not know what ransomware was, and 9% believed it had something to do with social media accounts being held for ransom.)
  • Back Up Your Files. If it is technically impossible to back up all the files you have, you can prioritize the most critical, isolate them, and regularly back them up.
  • Implement Strong Security Measures. Or at least implement security best practices. Use reliable security solutions and turn on advanced features that would catch unknown threats.
  • Keep Your Software Up To Date. Fix software vulnerabilities in a timely manner – this practice could limit your liability should a breach or ransomware attack occur.
  • Avoid Paying The Ransom. As tempting as it may be for businesses to just pay the ransom, there is no guarantee that you will regain control of your device or files after doing so. Instead, work with your IT and Security teams to figure out if you can use backed-up data in the meantime, while you go through the next tip …
  • Report Ransomware Attacks To Law Enforcement. Cracking down on ransomware cybercriminals is one of the few things that works in this area.