Most of us know about computer hacking, computer viruses, and computer malware. But, did you know about a new threat that is soaring against company computer systems called ransomware?
Ransomware happens when a cybercriminal, or gang of criminals targets your business. Once they have successfully infiltrated your system, they lock up your system and lock your data files. To have your data and computer system unlocked your company is required to pay a Bitcoin ransom. One thing corporate America can learn from cybercriminals is excellent customer service.
Once your system is controlled by the bad guys, they take great pains to explain where you get Bitcoins and how to make the payment. In most cases involving professional cyberthugs, once the ransom is paid, they quickly restore your system. They know if they didn’t and simply took the payment and left a system locked it would soon become public, and no one would pay a data ransom.
If you don’t pay and don’t have good backup media that is current, some of or all your data will be lost.
How Is a Ransomware Attack Conducted?
The first step in a ransomware attack is a successful phishing expedition. A computer phishing scheme is one where a person who wants access to your system to kidnap it, sends an email to one or more employees that has an attachment or an image for your employee to click on. As the attachment or image downloads, so does a secret executable file. The executable file contains the ransomware virus that quickly spreads throughout the system freezing computer activity and locking data files.
Another way that black hat operators access and kidnap business computer systems is from a website that is infected with ransomware. When a staff member clicks on a download from the infected site, the ransomware executable file tags along and opens when the download is complete.
How Does a Business Defend Against Ransomware?
Human error is a big part of the success of ransomware. So, the likely starting place for preventing ransomware attacks is to inform and educate all employees about the dangers inherent in opening links or attachments from an email address that they are unfamiliar with. Also, warn employees against downloading or clicking on links on a website they have not visited before.
Past sharing phishing scams and how that leads to a ransomware attack, there are some practical things to do on the IT system part of the equation. First, make sure your IT department is confident that the software they have for antivirus and antimalware works as advertised. They should be set to automatically download new signatures every day.
Software and hardware firewalls also need to be reliable and patched as soon as a patch is available.
Ransomware is not the only danger facing companies on the internet. Viruses, scams and trickery rule and the unprotected will fall.
So, if you want to have the time to run your business and not monitor your computer system, hire a Managed Service Provider to handle your overall cyber security.