Beware of Ransomware: Hacks to Stop Getting Hacked

Piece written by CEO of StickmanCyber, Ajay Unni.

 

For many, cyber-crime may evoke scenes of hooded hackers in action thrillers, but not a tangible threat to everyday people and businesses. In reality, cybercrime is a huge issue around the world, with some estimates expecting global cybercrime costs to reach $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015.

Ransomware is one common and dangerous type of malware that can cause serious damage. Ransomware encrypts a victim’s files, systems or networks, effectively holding them hostage until a specific amount of money is paid.

A ransomware attack can cripple a business with temporary or permanent loss of sensitive information, disruption to regular operations, and financial losses incurred to restore systems and files.

A common form of ransomware attack is through email phishing, where the victim clicks on a malicious link and gives the cyber criminal system access. A variation is ‘drive by downloading’, where a user visits an infected website, and inadvertently starts the download of malware onto a system. Ransomware can also be distributed via infected links on social networks.

Ransomware attacks are so prevalent because cyber gangs look for revenue streams that offer them the best return on investment. Businesses often end up paying ransoms because the value of their compromised data or networks often outweighs the value of the ransom. Businesses may also consider the negative reputational impact associated with notifying officials and the public, and opt to pay off the criminals quietly instead.

 

 

Such attacks are effective because cyber criminals prey on human emotions, instilling fear and panic into victims to trick them into relenting. Companies that frequently transfer sensitive data may be more willing to pay in order to keep attacks under wraps, as a high level of confidentiality is intrinsic to their business.

 Cyber criminals look for the path of least resistance and will try using compromised usernames and passwords. Make sure you never share your passwords and have multi-factor authentication (MFA) in place on all systems.

MFA means there are two checks in place to prove your identity before you can access your account. For example, you may need to supply an authentication code from an app and your password. This makes it more difficult for someone to access your files or account.

Ensuring operating systems and software is up to date will reduce the number of vulnerabilities. Taking care when installing new software or when giving existing software administrative privileges is also important. Finally, creating backups of files can reduce the impact of a ransomware attack. A backup is a digital copy of your most important information that is saved to an external storage device or to the cloud.

As with any cybersecurity risk, avoiding ransomware attacks is all about prevention rather than cure. With the right protections in place, you will never be forced to make that impossible choice: to pay or not to pay?