The Rise of Ransomware and What It Can Mean For Your Business

October marks many "awareness" months, including Cyber-Security Month, This joint effort between government and industry aims to keep business owners safe from the growing threat of ransomware, malware, email phishing scams, and more.

Ransomware is malicious software designed to block access to all or part of your business' computer system until a sum of money is paid. Ransomware is considered a type of malware, which encompasses all kinds of viral attacks on a computer system. Hackers find weak links in your company's system and place ransomware to encrypt your data.

Your time and resources are better spent preventing an attack rather than responding to one. Unfortunately, with ransomware attacks on the rise, it's prudent for all business owners to thoroughly understand what they're up against.

The rise of ransomware.

The first recognized and reported ransomware attack occurred in 1989 against the healthcare industry, still a heavily targeted sector today. Modern ransomware is only five-years-old and began with the CryptoLocker. Schemes often go by teasing names like this, but there's nothing to laugh about if you're a target.

"New-age ransomware involves a combination of advanced distribution efforts such as pre-built infrastructures used to easily and widely distribute new varieties" of malware, according to Ryan Francis, managing editor of CSO and Network World.

In fact, some sophisticated attackers develop toolkits that can be downloaded and deployed by hackers with less technical skills. Advanced cybercriminals have generated hundreds of millions of dollars in revenue with ransomware-as-a-service programs like these.

How ransomware works.

So, how do hackers make money? Ransomware freezes data and/or operating systems, making it impossible for you to regain access without paying a sum of money. Once the software finds its way into your system, it's designed to spread through your network and lock information. Typical entry points are email phishing scams, fake app downloads, and social media messaging.

You'll often know you've been attacked when computer screens freeze and a pop-up message appears. Hackers often request reasonable sums of money in order to encourage compliance. Their success grows with economies of scale since the easiest, most efficient, and the most economical solution is for business owners to pay. However, hackers don't always comply once payment is received. Even if they do, various forms of malware may be left in your system.

Who is at risk for a ransomware attack?

The very thing that makes it easier to do business makes it easier for hackers to find you. Increased digitization across organizations increases vulnerability. The size and scope of companies are irrelevant if access is available.

• The PGA of America experienced a ransomware attack this past August, asking for payment via bitcoin.

• More than 300 universities in the United States and abroad were hacked earlier this year and had an estimated $3 billion stolen in intellectual property.

• The City of Atlanta, GA was crippled for nearly a week last March when a ransomware attack shut down most of their online systems, making it impossible for residents to pay their water bills and the courts to process cases.

The economics of ransomware.

Because ransom amounts are often reasonable, businesses tend to comply. The F.B.I. reports that more than $1 billion was paid to ransomware hackers in 2016. The Department of Justice reports an average of 4,000 attacks per day in the U.S. that same year.

Those numbers may seem shocking, but ransomware schemes are big business. Ransomware is simple for cybercriminals to create and distribute, resulting in a low-risk / high-reward business model. Given that most companies are not adequately prepared to defend against or respond to an attack, ransomware is the fastest-growing cyber threat to organizations.

Hackers are savvy digital marketers, often running multiple campaigns at the same time with tiered pricing depending upon their targets. Unfortunately for businesses, most cyber-security insurance policies have an extortion clause, making it difficult to obtain reimbursement for ransom payments.

The best line of defense is a strong offense, which can be built with your cyber-security consultant. Build the cyber-security offense at your SE Michigan business with Steve Panoff, IT Sales Specialist. Email spanoff@utecit.com or call (734) 434-5900. he has gained unique capabilities to support small businesses faced with cyber threats.