Ransomware. Ransomware. You have heard the word and know it involves a cyberattack. You assume from news reports that it only happens to large companies like Target, Equifax, and Marriott Hotels for example, and that cybercriminals will not want to bother with your small or medium-sized business (SMB). Unfortunately, that assumption is wrong.
The Federal Trade Commission (FTC) notes that ransomware is a major concern of small business owners across the country. Another report notes that since nearly 50 percent of SMBs have no employee security and awareness training, they are particularly vulnerable to cyberattacks, including ransomware.
The U.S. Department of Justice (DOJ) reports that since January 1, 2016, more than 4,000 ransomware attacks have occurred every single day. Business owners suffer the temporary or permanent loss of their proprietary information, disruption of their daily business operations, and the extreme expense of restoring files, if that is even possible. Their reputation in their community may also be damaged.
What is Ransomware?
Ransomware is a type of malware, a software program intended to damage computer files. It quietly invades your computer, encrypting as many files as it can locate on your local and network drives. The encryption is done by using a complex mathematical algorithm. When the encryption is complete, your files become unreadable unless you have the key to unlock them.
The only one with the key is the cybercriminal who demands you pay a ransom in order to regain access to your files. Your data has been kidnapped. A simple virus scan cannot undo the encryption. Your data is being held hostage by the cybercriminal.
In many cases, there is a time limit for payment. A count-down clock may even appear on your screen telling you that you must pay the ransom within a certain period of time or forever lose access to the files.
How Ransomware Gets into Your System
Ransomware enters your computer most often by a “phishing” approach. This happens when an innocent user receives an email that appears to be from a friend, co-worker, or reputable company. It includes an attachment. When the user clicks on the attachment, it is downloaded and, voila, ransomware invades that device and all other devices connected to the network.
Some websites have malware lurking in the background. It only takes one keystroke and the malicious software will now infect all the files it can access. The intent is to cause as much damage as possible to your network so that it shuts down and you can no longer access any of your files.
Should you Pay the Ransom?
The DOJ does not advise SMBs to pay the ransom. But, it does note that victims of ransomware have tough decisions to make when considering whether or not to pay. It recommends ransomware victims consider the following factors before paying the ransom:
How to best protect employees, customers, and shareholders.
Paying the ransom does not guarantee that the cybercriminal will provide the key to decryption.
Some victims who paid the ransom and did get the decryption key were again targeted by other cybercrminals.
The DOJ encourages businesses who have been invaded by ransomware to report it to law enforcement. There is a chance that they can use legal tools, including working with international law enforcement, to locate the encrypted data.
How to Prevent Ransomware from Invading Your Network
The most important step of preventing ransomware from invading your network is education. Your employees need to understand how ransomware works, and they need to be constantly aware of the importance of not clicking on any attachment no matter how legitimate the sender appears to be. The attachment must first be scanned for malware.
Every file needs to be backed up so it is accessible off of the network so that if there is a ransomware attack, your business is not crippled beyond repair. If an attack is discovered on one device, immediately shut down all devices connected to the network.
Cybercriminals are getting smarter and learning how to circumvent cybersecurity that is installed to prevent the ransomware and other malware attacks. There are Managed Service Providers (MSPs) who can provide a robust cybersecurity system that can withstand the threats. They should also be able to ward off a threat before it can cause any harm.
Always at your service to provide the highest level of quality support to our customers.
Anthony Firth Client Engineer
“I’m passionate about building and fostering relationships, and finding solutions for success.”
Michael Koenig Client Account Manager
“I help clients stabilize and grow their IT infrastructure so they can focus on growing their core business.”
Josh Wilshire Systems Engineer Team Lead
“I strive to provide the highest level of quality service to our customers.”
Tommy Williams Sr. Hardware Engineer
“I’m driven by the steadfast belief that technology must serve as a business enabler. This mantra has driven 21
Years of successful partnerships.”
Stephen Riddick VP Sales & Marketing
“CSP doesn’t succeed unless your company succeeds.”
Stephen Allen Inventory Manager
“Through my intuition and genuine concern to help others I have built long-lasting relationships with our customers, co-workers and business partners.”
Scott Forbes VP Support Services
“Every day, I work with clients to help plan the future of their businesses.”
Michael Bowman vCIO
“Your IT problems become our IT solutions.”
Mark McLemore Project Engineer
“Managing internal and external operations to ensure that CSP provides quality and reliable customer service .”
Margie Figueroa Business Manager
“Providing quality internal and externals financial support to our customers and accounting support to CSP.”
Katie Steiglitz Accounting Administrator
“Some call me the CEO. I call myself the Cheerleader for an awesome team!”
William B. Riddick Founder & CEO
“CSP is here to assist you with your IT needs.”
Beth Wylie Inside Sales Manager
Thinking ofHiring A New IT Company?
On What Questions You Need To Ask Before Signing Any Agreement.