Hackers, like most criminals, are usually looking for an easy payday. Thus, they tend to look for methods by which they can easily extract money from their victims with as little risk to themselves as possible. Unfortunately, the easy availability of ransomware has given them just such a method. These days, criminals don’t even have to create their own ransomware: They can buy it from other criminals on the dark web! Thus, it is no wonder that ransomware is exploding worldwide. Are you prepared to do what it takes to protect your organization?
Ransomware Is Indeed Exploding
Let’s try to get an idea of just how bad the problem has become. First, we might take a look at this report from Malwarebytes. They surveyed corporate executives in the U.S., the U.K., Germany, and Canada (540 of them in all). Based on those responses, they are reporting that 40% of all businesses had been hit with ransomware in the previous year.
We think those numbers might be a little skewed, largely because they focused on executives from companies that are more frequently targeted. However, there is a bigger problem: That study is from 2016 and is, therefore, a little outdated. Still, it shows that the problem has been growing for a long time.
Let’s look for something a little more recent. This report from Blackfog is a lot more comprehensive, detailing every specific example that they could find. Here is how the attacks break down on a monthly basis:
- January: 19 attacks
- February: 23 attacks
- March: 25 attacks
- April: 31 attacks
- May: 22 attacks
- June: 26 attacks
- July: 29 attacks
- August: 21 attacks
- September: 24 attacks
- October: 24 attacks
- November: 15 attacks
- December: 33 attacks
That gives us a grand total of 292 attacks for 2021. These numbers also won’t be exact because many companies do not report ransomware attacks. Sometimes, they decide that the risk of damaging their reputation isn’t worthwhile. Thus, they pay the ransom and (maybe) get their data back. Of course, this is an irresponsible thing to do, as paying these scum will only encourage them to continue and expand their activities. Besides, even if they do return your data, they are sure to retain copies of valuable information for their own use.
For reference, this same study recorded a total of 250 attacks for 2020. It’s also worth noting that most of those 2020 attacks occurred in the latter half of the year. The first half of 2020 saw relatively few attacks, but they absolutely started to explode in September and October.
How To Protect Yourself And Your Organization
You will be glad to know that this isn’t an unsolvable problem. In fact, with a little bit of diligence and preparation, you can make yourself quite resistant to ransomware. Like many other types of scam artists, ransomware hackers will cast a wide net, looking for someone foolish enough to fall for their scam. Most cybersecurity authorities seem to agree that ransomware attacks are not usually targeted at one specific group.
Thus, we can already identify our key strategic point: Don’t be an easy target. There are many ways in which we can do that. Let’s go over some specific steps one by one.
1. Backups, Backups, And More Backups!
The key concept of ransomware is “holding your data for a ransom.” Naturally, someone cannot extract a ransom for something that you still have. Data is one of those things that can be duplicated easily without losing anything, so take full advantage of that fact!
Ransomware works by using malware, which infects the operating system and takes control of the device and/or network. So, if you wipe the entire drive (including the whole operating system), you will get rid of the malware. From there, you can restore everything from your most recent backup, minimizing the loss of data. This is why you should always be looking to improve your backup system.
Of course, you need to have a recent backup for that to work. That is why you want to back up your data often, especially the most crucial stuff. You also need to store those backups on a computer or drive that is not connected to the internet. Anything that is connected to the internet can potentially be hacked, and some ransomware is actually designed to seek out and corrupt backup files.
2. Management Of Vulnerabilities
Pretty much all software will contain inherent vulnerabilities in the code. It is hard to avoid this, as patching one flaw will often create another one. However, your best bet is to keep all your software updated at all times. Make sure those updates are only done in the approved way, as update hijacking is a thing. Usually, the safest thing is to update the software from within the software and make sure that it is connecting to the right manufacturer through network monitoring.
3. Education And Training
Along with software bugs, social engineering is the most common way for a cyber-attack to begin. You don’t have to worry about circumventing firewalls, encryption, and other digital barriers if you can just trick a legitimate user into revealing their login credentials. That is the basic goal of a social engineering hack, and these tactics are (unfortunately) often successful.
At the same time, awareness can make a huge difference here. Once a person understands the idea of a social engineering attack and how such an attack works, they will be better able to recognize one. Once again, this is an area where criminals prey on the uneducated.
Believe it or not, these three things can make you very resistant to ransomware attacks. By using regular and comprehensive backups, you remove the ability of anyone to hold your data hostage. By keeping everything patched and updated, you keep hackers from exploiting known software vulnerabilities. By educating the people in your organization, you give them the knowledge to recognize a dirty trick when they see one.
At PCH Technologies, we understand that every company values its security highly. That’s why we provide computer IT services with an emphasis on security. Whether you need small business computer support or something on a larger scale, you can call us anytime at (856) 754-7500.