Ransomware – the biggest cyber threat?

Ransomware is the biggest cyber threat to organisations and individuals alike. The speed at which the number of ransomware infections is growing is incredible: predictions suggest that worldwide, a business will fall victim to ransomware every 14 seconds in 2019, increasing to every 11 seconds by 2021.

In Q1 of 2019, Kaspersky Labs reported that more than 280,000,000 URLs were identified as malicious – and even more unnervingly, 50% of companies report that they do not feel as though they are adequately prepared for the threat.

While newer cyber threats increase, these statistics show that ransomware isn’t going away any time soon – 34% of businesses hit with malware took a week or more to regain access to their data. That’s an astonishing amount of downtime and potential loss of revenue that could have a catastrophic impact on your finances.

With damage related to cybercrime set to hit $6 trillion by 2021, investing in security should be a priority for 2019 and beyond.

What is Ransomware?

Ransomware is not new – the first recorded instance of an infection dates back to 1989.

Defined as malware that locks users out of their devices/blocks access to files until a sum of money or ransom is paid, Ransomware attacks can and do cause significant downtime and data loss. Ransomware infections can also constitute a data breach, leading to significant financial penalties under GDPR.

How do you get it

Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.

How do you know if you are infected

There are many identifiers that your IT systems have been compromised – often, you’ll see a splash screen that clearly states you’ve been infected, with instructions for how to pay the ransom to restore access. Other times, you’ll just find that you can no longer open your files.

Every folder that has been encrypted will usually have a file that will tell you how to decrypt your data. These will be called ‘_DECRYPT YOUR FILES’ or something similar.

How can you mitigate against a Ransomware attack

Backup, backup and backup again!

The single most important defence against ransomware is ensuring you make regular backups and have a solid business continuity plan. Hackers are betting that you will have no offsite backups and you will have no other option than to buy back access to your data. As long as you have a “clean” copy of your data, you can refuse to pay the ransom.

Follow best practice security principles

Ensure you update your computer operating systems and software (including any anti-virus and Malware protection software) whenever there is a new release or patch. Watch out for phishing emails and do not open suspect emails or links. Restrict users’ permissions to install and run software applications. Train your employees on security – they are your first line of defence, since cautious online behaviour is the best prevention from infecting your network.

Get a complete assessment of your company’s security posture and potential risk. Even routine backups may not protect your data. If the data has been infected, and you are not aware, or if the backup is not segregated from the network, backups may also be corrupt. A complete assessment of your infrastructure can identify vulnerabilities and gaps in protection against internal and external threats.

Be sure to review all security configurations, anti-virus and anti-spyware deployment, patch management, and company security policies for accuracy and completeness. Look for other tools (including Cyber Security services) that can help keep you better protected than your competitors.

To date, cybercriminals have mostly targeted hospitals, government institutions and academic institutions, but ransomware attacks are on the rise in every industry. Companies should proactively assess their threat landscape while establishing protocols for restoring operations and protecting sensitive data. Considering the cost of work-arounds and downtime, the ROI of improved cybersecurity becomes irrefutable.

What should you do if you do get infected

The official advice from worldwide law enforcement organisations is DON’T PAY. Not only are you lining the pockets of organised crime syndicates, statistically only 19% of ransomware victims who pay the ransom actually get their files back.

The safest option is to restore any encrypted files from a known, good backup.

If you want more information or would like to chat to one of our team, head to our contact page.

Links to more information: