Did you hear about the ransomware attack Walt Disney suffered in 2017? Hackers allegedly gained access to Disney's IT system, pirated the latest, unreleased Pirates of the Caribbean movie, and demanded a ransom for the return of the stolen data. This was a very high-profile case, but ransomware commonly affects organizations of all sizes, in all sectors. What can your business do to protect itself from this threat?
Ransomware has been around since the late 1980s. The 2019 FBI Internet Crime Report details close to $9 million in annual losses due to ransomware attacks, noting that this number does not include lost business, time, wages, files, equipment, or any third party remediation services. It is also believed that this number is artificially low, since many victims do not report their losses.
In a nutshell, ransomware is a type of malicious software that could encrypt the target’s files. Employees of a targeted company can no longer access valuable data or critical computer systems: they are essentially locked out of their own business. The attacker then demands a ransom for a decryption key to restore access.
Ransomware is commonly delivered through phishing campaigns that rely on malicious code, sometimes embedded in email attachments. One tactic is to send an email with an attached invoice. Victims are likely to open such attachments whether or not they recognize the sender. Hackers may also attempt spear phishing campaigns by identifying an individual within an organization and personalizing their emails to bypass email spam filters.
Any organization with an IT system could be a target for ransomware, no matter the amount of its revenue, size of its client base, industry, or other identifying aspect. Some hackers are simply indiscriminate aggressors. As ransomware has been around for a few decades, there are best practices you can follow to better protect your company from its damaging effects:
- Familiarize your employees with common phishing schemes and train them to carefully vet all attachments and links before opening them. Individual employees are the avenue by which ransomware enters a company’s IT system. The more your team understands how to prevent this threat, the lower your risk of attack.
- Keep up-to-date backups. If you have recent copies of your files, there will be little reason to pay a hacker who is trying to extort you for access to your files.
- Regularly patching and updating your IT systems will help decrease the vulnerabilities of your organization as a whole. A complete system inventory can also help track what needs to be protected.
If you are interested in learning more about how to better protect your system from ransomware attacks, contact the computer scientists at XorFox for a free consultation.