On May 12, a ransomware attack disrupted businesses around the globe. Called WannaCry, the malicious software encrypted files on infected computers and then offered to restore the files – in exchange for a payment. More than 300,000 machines in 150 countries were hit.
Although this attack was especially large-scale, ransomware has been around for a while. According to the FBI, ransomware attacks are becoming both more common and more sophisticated. Some attacks depend on emails with links to malicious code, while others hide their code in legitimate websites.
As ransomware attacks like WannaCry become the norm, no organization should assume it’s safe. Even small businesses may find themselves the victims of this kind of cyberattack.
After a ransomware attack, some organizations give in to the cybercriminals’ demands and make the requested payment, usually in Bitcoins. In a White House Press Briefing on the Monday after the WannaCry attack, Tom Bossert reported that around $70,000 had been paid so far.
Although this may be the fastest way to resume normal business operations in some cases, it is far from ideal. First of all, it costs the organization money. Second, it encourages cybercriminals to launch more ransomware attacks. The money may also be used to fund other illegal activities. Furthermore, there’s no guarantee that the files will actually be restored. Bossert reported that, as far as he knew, payments made to the cybercriminals behind WannaCry had not resulted in any recovered files. Nevertheless, many organizations see no other option.
The ideal solution, of course, is to avoid becoming a victim of ransomware in the first place.
Business owners should do several things to protect their companies from ransomware.
- First, all computers should have anti-virus software installed. It’s also important to update software regularly and to install all patches provided, as ransomware is always evolving and cybercriminals love to exploit weaknesses in software.
- Second, all employees must be trained on cybersecurity – not just people who work in IT. Ransomware, along with other types of malware, often infects a computer or network after an employee unwittingly clicks on a malicious link. Because of this, anyone who has access to a company computer needs to know how to avoid ransomware infections.
- Third, all important files should be backed up on a separate device regularly. This way, if a ransomware infection does occur – remember that cybercriminals are always improving the sophistication of their attacks – the damage will be far less significant. Instead of paying the ransom to retrieve files, the business can simply restore the essential files from the backup and resume operations.
Another way to lessen the negative impact of a ransomware attack is to purchase cyber insurance. Cyber insurance can cover the financial loss that occurs after a ransomware attack, letting the organization recover as quickly as possible. Prevention is still the best strategy, but because ransomware and other cybersecurity issues present such a serious and growing danger, cyber insurance is looking like an increasingly important component of a business’s cybersecurity plan. Talk to your Heffernan agent to learn more.