Imagine you’re working quietly at your computer when suddenly a menacing message appears on the screen. All the data on your computer and your network has been seized from your control and the only way to access it is to pay a ransom.
You’re a victim of ransomware: malicious software that uses encryption to block access to a victim’s data indefinitely unless a ransom is paid. Demands often range from $200 to $10,000, payable in cryptocurrency to maintain anonymity. To make matters worse, victims don’t always receive the decryption keys even after paying the ransom. Some perpetrators extort victims for more money after they pay the initial demand, which is part of the reason why the FBI doesn’t recommend paying a ransom; doing so only encourages the same criminals to target other victims.
This crime, which dates back to 1989, often starts when a computer user unknowingly downloads malicious software, also known as malware, in one of various ways:
- Inadvertently clicking on a misleading or malicious link in an email
- Opening an email attachment that executes harmful code without the user’s knowledge
- Visiting a look-alike website that imitates one you know
- Downloading a file or application that is not what it purports to be
The U.S. Justice Department estimates that more than 4,000 ransomware attacks occur every day, targeting individuals, small businesses, governments, and corporations alike. It is a lucrative business for criminals, and no business sector is immune from the threat. Anyone with a computer connected to the Internet is vulnerable to ransomware attacks. The FBI’s Internet Crime Complaint Center (IC3) says victim losses exceeded $1.4 billion in 2017.
Your Business & Ransomware
The trend shows no sign of slowing as criminals try to target more corporate networks, possibly because business owners are often more willing to pay larger sums quickly: they need access to their data to keep the business running. In some cases, the criminals destroy the data if they don’t receive payment within a certain time frame.
One of the problems with paying a ransom is that it does not guarantee your business will gain access to all of its data. According to a survey cited in Inc. Magazine, only about 45% of small and medium-sized businesses that pay ransoms get their data back.
Failing to secure your organization’s computer assets from ransomware and other similar threats, as well as not providing ongoing employee training, can cause significant harm to your employees, clients, and your business. It could also get you in trouble with the U.S. government. The Federal Trade Commission (FTC) says if companies fail to update their systems and fix known software vulnerabilities on a timely basis, they could be found in violation of Section 5 of the FTC Act, which protects consumers from unfair practices. Since 2002, the FTC has brought more than 60 cases against companies that failed to adequately protect consumer data.
Like most types of cybercrime, ransomware tactics are always changing, so it’s important to continuously train your staff and update your best practices and procedures frequently to maintain a safe and secure computer environment. Visit our Ransomware Prevention Checklist and Ransomware Reporting Checklist to learn more about how to prevent and report this dangerous threat.