If you follow HIPAA breach news you know that around a third of the breaches reported involve Ransomware attacks. One of the most terrifying things about this type of attack is that anyone with a computer is a potential victim. Because many small business owners don’t believe they are important enough to be targeted, they are especially vulnerable.
What is Ransomware?
A type of malicious software, the idea behind it is simple–encrypt the victim’s computer to lock them out of it and demand money from them in order to restore access. With your personal or business files being held hostage, these hackers instruct victims to pay within a set period of time or risk losing that data forever. The worst part is that paying the ransom doesn’t ensure that access will be restored.
There are multiple types of Ransomware.
Who are the Targets?
As we mentioned above, everyone is a target, but that doesn’t mean that hackers aren’t able to choose targets. Sometimes they go after people and businesses who can pay larger ransoms, but mostly they are looking for easy targets. When targeting ransomware, we’ve found that they go after four particular targets:
- Businesses with small or no security teams – this includes small businesses and universities who are perceived to have file sharing practices are not very secure, simple or no passwords, and limited security protocols.
- Any business that maintains sensitive digital information – small medical practices, law firms, and real estate agencies are targeted because revealing this data could result in large fines, legal controversies, and public embarrassment.
- Those who will pay quickly – this includes organizations such as banks, hospitals, and government offices who face serious consequences for not having immediate access to their data as well as individuals with a large social media presence.
- Corporate Entities – members of this target group includes not just the large corporations themselves, but anyone who uses their logo, which can include contractors, business associations, and franchises.
Best Practices for Dealing with Ransomware
As we mentioned above, Ransomware is extremely profitable for the hackers and there is no guarantee that paying the ransom will put an end to the threat. The single most important thing about Ransomware is prevention, but in order to prevent it you must realize that YOU ARE A TARGET. We all are targets.
That doesn’t mean that there’s nothing we can do about it. Here are some ways to deter the hackers and protect yourself.
- Get Security Software: if you don’t have some type of anti-virus or anti-malware on EVERY computer, you are vulnerable
- Update the Security Software: new threats are emerging all the time, keeping security software updated keeps the hackers out
- Update, Update, Update: yes, all those Windows updates, Office updates, and browser updates can be annoying, but the vast majority of the updates you are seeing are security updates, if you’re not doing them, you’re leaving yourself vulnerable
- Be Wary of Phishing Scams: we’ve talked about Phishing before, these are the perfect payloads for Ransomware; pay attention to emails and never, ever automatically open an attachment
- Watch Out For Macros: if you do open an attachment and it says anything about macros – STOP and make absolutely sure that it comes from a trusted source and that person purposely sent it, if not, cancel and immediately delete that email
- Cloud Storage for the Win: one of the great things about cloud services is that data is backed up offsite and you’ll be able to access a previous version before the ransomware took affect, you might lose a little current data, but that’s all
- Backups, Backups, Backups: this cannot be stressed enough, if you have a solid backup, no matter what else happens, you can be back up and running with very little downtime
- Never Pay the Ransom: even if you pay the ransom there is no guarantee that you will get your files back, and paying it tells the hackers that you are a target that can be exploited over and over and over, don’t do it!
Hackers are getting more advanced and new Ransomware variants are appearing all the time. Remember, the hackers are looking for the path of least resistance, be aware, secure your data, and train your employees. The more difficult you make it for the hackers, the better you and your data will be protected from being the next Ransomware target.