Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom in exchange for restoring access to the data.
Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin.
There are a number of vectors ransomware can take to access a computer. One of the most common delivery systems is phishing spam — attachments that come to the victim in an email, masquerading as a file they should trust. Once they’re downloaded and opened, they can take over the victim’s computer, especially if they have built-in social engineering tools that trick users into allowing administrative access.
The losses SMEs face aren’t limited to the ransom money, either – disaster recovery and the downtime associated with data loss can cost even more.
Consider how a ransomware attack would affect your business. How would you recover from losing customer records? Could you service them without order information, and how would that affect your finance department? Could you maintain service? Could you forecast demand for the next quarter to decide on production without access to your historical data?
Tips for preventing ransomware attacks
Back up your data
An automated backup solution can ensure that all the data from your devices and server is backed up regularly. Every business should have at least two backup locations — one in the cloud and one off-site — and both should contain copies of all the files and data your business needs to operate. Website backups should also be encrypted; this way, if the data falls into the hands of criminals, they won’t be able to read and exploit it.
Identify and reduce vulnerabilities
Cybercriminals typically try to exploit well-known vulnerabilities in operating systems and programs. Ensuring that your company’s software is always up to date is the best way to stop a ransomware attack in its tracks.
Similarly, installing the latest antivirus software and malware scanners on all company machines can make your IT infrastructure more resilient to ransomware and other types of cyberattacks. Also, implementing a web application firewall can help you stop the attacks from malicious bots that lead to ransomware infections. Finally, using a password manager for logins will reduce the likelihood of passwords being stored in vulnerable formats.
Cultivate good “cyber hygiene” habits among employees
The vast majority of data breaches can be linked to negligence. All it takes is an employee clicking on a suspicious email or unknowingly visiting an infected site. The malware does the rest. Implement regular security awareness training to keep your workforce knowledgeable about how to spot phishing emails and other potential threats.
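Training can be backed by an automated check for the attachments described earlier, the ones that masquerade as a file the recipient should trust. The following is an added example, not part of the original article: it parses a message and flags attachment names that hide their real type. The function names, extension lists and sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

# Assumed policy lists for this sketch; tune them for your own mail gateway.
EXECUTABLE = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".lnk"}
MACRO = {".docm", ".xlsm", ".pptm"}  # Office formats that can carry macros
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
EXPECTED_TYPE = {".pdf": "application/pdf", ".jpg": "image/jpeg", ".png": "image/png"}

def check_name(name, content_type):
    """Return the reasons an attachment name looks like a disguised file."""
    reasons = []
    # Strip padding so "invoice.pdf      .exe" is still read as .pdf + .exe.
    exts = ["." + p.strip() for p in name.lower().split(".")[1:]]
    last = exts[-1] if exts else ""
    if last in EXECUTABLE:
        reasons.append("executable extension " + last)
        if any(e in DECOY for e in exts[:-1]):
            reasons.append("double extension hides real type")
    if last in MACRO:
        reasons.append("macro-enabled document")
    if "\u202e" in name:  # reverses display order, e.g. shows "exe.pdf"
        reasons.append("right-to-left override in filename")
    expected = EXPECTED_TYPE.get(last)
    if expected and content_type != expected:
        reasons.append(f"declared type {content_type} does not match {last}")
    return reasons

def audit_attachments(raw_message):
    """Map each suspicious attachment filename to its list of reasons."""
    findings = {}
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()
        if name and (reasons := check_name(name, part.get_content_type())):
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed test message: one honest PDF and one disguised executable."""
    msg = EmailMessage()
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-", maintype="application", subtype="pdf", filename="terms.pdf")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="invoice.pdf.exe")
    return msg.as_string()

if __name__ == "__main__":
    print(audit_attachments(build_sample()))
```

Some mail clients send legitimate PDFs as application/octet-stream, so treat the declared-type mismatch as a signal for review, not as grounds for blocking on its own.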