All Posts Tagged: cyber security

Every 40 seconds, ransomware wreaks havoc for businesses

David Pollino
Fraud Prevention

During the past year, ransomware has become a more serious threat for businesses of all sizes.

Screen showing red padlocks superimposed on various parts of the globe, nearly all continents.Just consider these global ransomware statistics compiled by the Kaspersky Security Network (KSN) for 2016:

  • In the first quarter, a business was attacked every 2 minutes.
  • In the third quarter, a business was attacked every 40 seconds.
  • One in five small businesses that paid a ransom never got their data back.

Unfortunately, the growing cycle feeds itself: As more businesses have paid ransoms to retrieve valuable data, the thieves have become emboldened and even innovative. A total of 62 new ransomware families emerged last year, as tracked by KSN.

2 basic forms of ransomware

The types of ransomware used today fall into two main categories: crypto and locker. The crypto version blocks access to data and files (often via encryption), while the locker prevents access to the infected computer or device. In both cases, victims receive a message demanding a ransom payment in exchange for restoring data and/or system access. You can learn more about these types of ransomware in this white paper from Symantec.

Obviously either type of threat could be catastrophic for businesses, which may stand to lose valuable customer data or even be prevented from doing business because transactional systems are blocked.

New partnership helps in the fight

Joint efforts by law enforcement and IT security companies have created the No More Ransom project, which launched in July 2016 and continues to grow and make decryption tools available on its nomoreransom.org platform. According to Help Net Security, the platform now contains 40 free decryption tools and is available in 14 languages.

The site also recommends that victims not pay the ransom. “By sending your money to cybercriminals you’ll only confirm that ransomware works,” the website declares, “and there’s no guarantee you’ll get the decryption key you need in return.”

What you can do

Federal officials agree that businesses and consumers should not pay a ransom; rather victims should contact the FBI or submit a complaint on www.ic3.gov, a government site for filing and sharing information about cybercrime.

I also recommend several proactive steps that you can take to help protect your business, such as:

  • Use email filtering to screen all incoming and outgoing mail for malicious or junk status and quarantine attachments with macro extensions (.docm, .xlsm, .pptm).
  • Limit administrative rights on computers (malware often needs admin rights to take over a computer) as well as valuable data files.
  • Educate employees about the risks of ransomware and train them to be suspicious of unsolicited emails and avoid clicking on links or attachments in emails.

For more tips, please see my previous posts “Held hostage: Be alert for ransomware” and “As ransomware attacks rise, these 5 tips may help protect you.”

Read More ›

12 fraud-prevention reminders for the holidays

David Pollino
Fraud Prevention
holiday_shoppers_wallst_crop

As you shop and spend, be aware so you can help prevent fraud from ruining your holiday enjoyment.

Read More ›

Are you still using your password from 2013?

David Pollino
Fraud Prevention
Screen showing several blue strings of numeric code, with red "data breach" and "cyber attack" inserted.

If you’re a Yahoo! user, I hope you’re not using the same password as you did in 2013.

Read More ›

A comprehensive approach to protect against cardholder data breaches

David Pollino
Fraud Prevention
Business owner looking worried as he checks his laptop and waits on the phone in his warehouse.

Besides resulting in your customers possibly taking their business elsewhere, data breaches can drive unexpected and expensive mitigation costs.

Read More ›

A deal or steal? Take care with ‘bargains’ on Black Friday

David Pollino
Fraud Prevention
Young woman with bluish hair and cap looking at her laptop and holding a credit card, ready to make a purchase.

Phishing emails look like legitimate communications from real companies, but they aren’t.

Read More ›