The worldwide ransomware epidemic is getting worse all the time. Companies that fail to protect themselves risk losing important business data, including customer files, product designs, supplier contracts, and more.
You can take some specific steps to quickly recover digital business files following a ransomware attack—and it can be done without paying the ransom or dealing with cybercriminals.
But before we get into that, let’s talk about the scope of the ransomware problem and how to protect your business from the latest threats.
What Is Ransomware?
Ransomware is a category of malware—or malicious software—designed by cybercriminals to encrypt your computer files and paralyze your business. After your files are encrypted, the software displays a ransom note with instructions on how to pay the cybercriminals in exchange for a decryption key. Payment is usually made in Bitcoin, a cryptocurrency that’s nearly impossible to trace.
Ransomware is usually distributed via phishing emails with infected attachments or through dangerous web links. Cybercriminals are also known to exploit security vulnerabilities, hack into computer networks, and manually implant ransomware.
Market for Ransomware Skyrockets
The current ransomware epidemic began making headlines in 2013, and there’s no end to the scourge in sight. If you need proof, look no further than the dark web—where both experienced and amateurish cybercriminals buy and sell ransomware hoping to make a profit.
IT security firm Carbon Black monitored dark web forums over the last two years and analyzed the prices of individual ransomware viruses and do-it-yourself ransomware distribution kits. The company estimates that sales of ransomware increased from $250,000 to more than $6 million between 2016 and 2017.
The report also found that some ransomware vendors are personally taking in more than $100,000 per year, presumably tax free.
New Ransomware Threats Emerge
Ransomware viruses are abundant. Developers often come up with creepy-sounding names for the file-encrypting menaces. Some of the most effective and well-known ransomware viruses include Locky, CryptoLocker, and Cerber.
And of course there was WannaCry, the ransomware that raced around the globe last May, infecting more than 200,000 computer systems in the process.
New ransomware variants are emerging all the time. Here’s a quick look at a few of them:
Locky Gets a Powerful Makeover
Locky was once the most prevalent form of ransomware, but then infections seemed to taper off last year. Well, that’s all over, because Locky is back and meaner than ever.
Security researchers in September discovered a new version of Locky that was used in 20 million attempted ransomware attacks in one day alone. The goal of such widespread attacks is to cast a wide net and snare as many ransomware victims as possible.
Troll Encrypts Everything
The Microsoft Windows Defender Security Intelligence team in September spotted a new form of ransomware—dubbed Troll—that targets Microsoft Windows users and encrypts every file on the victim’s computer regardless of its location or file extension. Security researchers warn that this could lead to Windows failing.
Magniber Could Spread Fast
Cybercriminals are using a technique called “malvertising” to spread a new form of ransomware called Magniber. Malvertisements are disguised as legitimate advertisements on a website. But when a victim clicks on the ads, they unleash a ransomware attack that encrypts their files and demands a ransom.
Magniber is currently being used to target victims in South Korea, but as we’ve seen in the past, it could spread quickly.
How to Prevent a Successful Ransomware Attack
The number-one way to prevent a successful ransomware attack is to exercise extreme caution before opening an email attachment or clicking on links embedded within the body of an email.
Cybercriminals have gotten very good at creating deceptive emails that appear to come from your bank, your credit card provider or other legitimate companies. They may also appear to come from friends or relatives.
Do not open any attachments or click on links unless you’re absolutely certain the email comes from a trustworthy source. Here are a few other ways to prevent a ransomware attack:
- Use firewall and antivirus software and keep both up to date.
- Educate yourself and employees on how to avoid the dangers of phishing emails.
- Apply the latest security patches to operating systems and business applications.
How to Respond to a Ransomware Attack
When all else fails and your computer becomes infected with ransomware, you can get your files back without paying the ransom. But it only works if you take the initiative and back up your computer files to the cloud before a ransomware attack occurs.
If your files are backed up to the cloud and your computer gets infected with ransomware, take the following steps. Please note that these instructions apply to Microsoft Windows-based computers, but the steps for Mac users are very similar:
- Remove the infected computer from the network so the ransomware can’t spread to other computers. If the computer is not running on a network, skip this step.
- Shut down the computer by holding down the power button.
- Turn the computer back on and select “Safe Mode with Networking.”
- Reconnect to the internet. Then download and run a malware detection and removal tool such as Malwarebytes or Norton Power Eraser.
- Once the virus is removed, delete all encrypted files and restore clean versions from your cloud backup service.
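A dry-run check for the last step above, as an added example that is not part of the original article: before deleting anything, it compares the local files against a list of SHA-256 hashes for the clean backup copies and flags files that have no backup at all. The manifest format, the function names and the `.locked` extension are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def plan_restore(local_root: Path, manifest: dict) -> dict:
    """Dry run: classify local files against {relative path: sha256} of the
    clean backup (hypothetical manifest format). Nothing is deleted here."""
    plan = {"keep": [], "restore": [], "delete": [], "no_backup": []}
    seen = set()
    for path in sorted(p for p in local_root.rglob("*") if p.is_file()):
        rel = path.relative_to(local_root).as_posix()
        stripped = rel.rsplit(".", 1)[0]  # name without an appended extension
        if rel in manifest:
            seen.add(rel)
            same = sha256_of(path) == manifest[rel]
            plan["keep" if same else "restore"].append(rel)
        elif stripped in manifest:
            # Renamed copy of a backed-up file: delete it, restore the original.
            seen.add(stripped)
            plan["delete"].append(rel)
            plan["restore"].append(stripped)
        else:
            # No clean copy exists anywhere: set aside instead of deleting.
            plan["no_backup"].append(rel)
    plan["restore"] += sorted(set(manifest) - seen)  # files missing locally
    return plan

def demo() -> dict:
    """Constructed sample: three backed-up files, one file never backed up."""
    clean = {"a.txt": b"alpha", "docs/b.docx": b"bravo", "c.csv": b"charlie"}
    manifest = {k: hashlib.sha256(v).hexdigest() for k, v in clean.items()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "a.txt").write_bytes(b"alpha")                  # untouched
        (root / "docs/b.docx.locked").write_bytes(b"\x8f\x02")  # renamed
        (root / "c.csv").write_bytes(b"\x11\x99")               # overwritten
        (root / "new.xlsx.locked").write_bytes(b"\x42")         # no backup
        return plan_restore(root, manifest)
```

Files listed under `no_backup` were created or changed after the last backup ran, so deleting them removes the only remaining copy; move them to offline storage instead.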
Remember, if your computer files are properly backed up, you’ll never have to pay the ransom.