Fraud Prevention

Every 40 seconds, ransomware wreaks havoc for businesses

David Pollino
Fraud Prevention

During the past year, ransomware has become a more serious threat for businesses of all sizes.

Screen showing red padlocks superimposed on various parts of the globe, nearly all continents.Just consider these global ransomware statistics compiled by the Kaspersky Security Network (KSN) for 2016:

  • In the first quarter, a business was attacked every 2 minutes.
  • In the third quarter, a business was attacked every 40 seconds.
  • One in five small businesses that paid a ransom never got their data back.

Unfortunately, the growing cycle feeds itself: As more businesses have paid ransoms to retrieve valuable data, the thieves have become emboldened and even innovative. A total of 62 new ransomware families emerged last year, as tracked by KSN.

2 basic forms of ransomware

The types of ransomware used today fall into two main categories: crypto and locker. The crypto version blocks access to data and files (often via encryption), while the locker prevents access to the infected computer or device. In both cases, victims receive a message demanding a ransom payment in exchange for restoring data and/or system access. You can learn more about these types of ransomware in this white paper from Symantec.

Obviously either type of threat could be catastrophic for businesses, which may stand to lose valuable customer data or even be prevented from doing business because transactional systems are blocked.

New partnership helps in the fight

Joint efforts by law enforcement and IT security companies have created the No More Ransom project, which launched in July 2016 and continues to grow and make decryption tools available on its nomoreransom.org platform. According to Help Net Security, the platform now contains 40 free decryption tools and is available in 14 languages.

The site also recommends that victims not pay the ransom. “By sending your money to cybercriminals you’ll only confirm that ransomware works,” the website declares, “and there’s no guarantee you’ll get the decryption key you need in return.”

What you can do

Federal officials agree that businesses and consumers should not pay a ransom; rather victims should contact the FBI or submit a complaint on www.ic3.gov, a government site for filing and sharing information about cybercrime.

I also recommend several proactive steps that you can take to help protect your business, such as:

  • Use email filtering to screen all incoming and outgoing mail for malicious or junk status and quarantine attachments with macro extensions (.docm, .xlsm, .pptm).
  • Limit administrative rights on computers (malware often needs admin rights to take over a computer) as well as valuable data files.
  • Educate employees about the risks of ransomware and train them to be suspicious of unsolicited emails and avoid clicking on links or attachments in emails.

For more tips, please see my previous posts “Held hostage: Be alert for ransomware” and “As ransomware attacks rise, these 5 tips may help protect you.”

Read More ›

The Internet of Things brings new conveniences, new risks

David Pollino
Fraud Prevention
Hand seen programming a wall-mounted tablet screen, with view into a bright stylish kitchen nearby.

Connected devices – the proliferation of which is known as the “Internet of Things,” or IoT – attract so many of us because they simplify tasks. But they also connect us to more security risks. I say that as an enthusiastic participant in the IoT phenomenon. I love being able to use my phone to […]

Read More ›

Tips for protecting the privacy of your data

David Pollino
Fraud Prevention
View over a computer user

It’s always a good time to consider and check on privacy of your data – whether for yourself or for your business.

Read More ›

With tax season comes heightened alert for fraud

David Pollino
Fraud Prevention
Man sitting in bright office while looking at his online tax information with paperwork nearby and a cup of coffee

Here are some basic tips and good practices as you get ready to file your annual income taxes.

Read More ›

Preventing insider threats: Actions to help protect your business

David Pollino
Fraud Prevention
Sixtysomething man on the phone while peering through blinds out the window, observing something suspicious outside the window.

These processes only take a few minutes for all parties involved, but they promote the best outcome: Keeping the honest employee honest.

Read More ›