In 2015, victims paid a collective $24 million in ransom and another $325 million to disinfect machines and restore backup data. In 2016, the cost was expected to total $1 billion.
Ransomware is malicious software that locks one’s computer or network until a sum of money is paid, at which point the cybercriminal provide a code to unlock the system. If the ransom is not paid with a set timeframe, they will wipe the data. And, any organization that relies on access to data, and cannot afford to lose access to that data at any time, is the prime target of a ransomware attack.
In most cases, you have two choices: Either pay the ransom or rely on the quality of your system back-up and the expense that goes along with restoring it.
Steps to minimize the risk include:
- Avoid suspicious emails and links. This is behavior-based risk management and like all things behavior-based, probably imperfect. The key is training and auditing.
- Patch software and block suspicious emails and websites. Unfortunately, cybercriminals are at least one step (if not two, three or more steps) ahead of software patches and email/website blacklists. Nevertheless, have the latest version of everything installed lets the security experts working for your software providers do their jobs.
- Disconnect immediately upon an infection. The more ransomware spreads, the more difficult and expensive to address. Again, training is key. Your IT person must be notified immediately and the infection quarantined as soon as possible.
- Best defense: Backup everything regularly. This removes most of the risk of suffering a ransomware attack. The worst case is you lose only information added since the last back-up. Make sure the system back-up includes data created with portable laptops and other devices.
For more detailed prevention tips, check out the FBI’s Ransomware: What it Is and What to Do About It. For a more comprehensive approach to agency security, check out How to Protect Your Agency’s Data? published by the ACT Security Issues Working Group.