Ransom: A sum of money demanded for the release of goods. Software: The programs and other operating information used by a computer.
What do you get when you combine the two? Ransomware.
Ransomware is a form of cyberattack in which a cybercriminal encrypts some of the files your business has stored on network-attached drives. Cybercriminals use phishing attacks or other methods to leverage encryption of your business’ devices — and potentially the rest of your network. Ransomware has proven effective over the years due to many businesses fulfilling the demands of these cybercriminals: payment.
Who Ransomware Affects
Ransomware could affect anybody, but cybercriminals have acquired experience over the years. They are learning who to target and who is willing to pay a sum of money to acquire their own documents, devices and servers back. The target of choice? Municipalities.
While the number of ransomware infections has decreased, the FBI’s Internet Crime Complaint Center has stated that the damage experienced by those infected has risen. This is partly due to the fact that entire cities can essentially be shut down by these cybercriminals. Cities such as Lake City and the City of Riviera Beach felt as though they had no other option than to pay ransom. Indiana’s LaPorte County paid a ransom of roughly $130,000 in early 2019.
Because cybercriminals have been strategically targeting municipalities, insurance is offered to cover such attacks. And since insurance is available, cybercriminals have been more strategically targeting municipalities. This is a chaotic snowball effect which does not show signs of slowing in the near future. The best way to prevent your business from being rolled into this chaotic era of cyberattacks is by being prepared.
Preparation Is Key
Minimizing the risk of your data being lost to a ransomware attack starts with a backup plan. Up-to-date backups of your data should be kept isolated, ensuring that a cybercriminal cannot gain access. These backups must also be thoroughly tested. The only thing worse than finding out your business has been affected by a ransomware attack is finding out your business has been affected by a ransomware attack and your backup has failed.
Education is another key element in preparing for a ransomware attack. Employees must be trained to spot “phishy” emails to ensure cybercriminals are not able to penetrate your security layers and encrypt your computer or your server.
Alan Edwards, CISM, is chief information officer at Computerware, Inc., in Vienna, Virginia.