Ever seen one of those movies where someone gets kidnapped and people find a note indicating that the kidnapper demands X amount of money in order for the person to be freed? Picture this: the things being kidnapped are every file, every photo, and every project on your computer. And you have to pay if you ever want to see them again.
It's called cyber-ransom, and it works a little differently than the suspicious typo- and link-ridden emails you know to look out for:
Ransomware is a type of malware that can be picked up from malicious links in emails or drive-by download attacks by visiting certain websites. Once it infects your computer, all of your personal files are hidden behind a virtually impenetrable wall of encryption. The only way to get access back? Pay them.
Cyber-ransom is a relatively new threat to Americans: previously, digital crimes like these were much more common in Russia or Europe, but tides and have turned and attention has veered towards the U.S. According to a report by Radware, 49% of businesses fell victim to cyber-ransom attacks in 2016.
More and more businesses are also at risk of what's known as DoS/DDoS extortion, where a company's website is overwhelmed by hackers bombarding the site with data requests, forcing the site to shut down. Companies have to pay a big fee if they want the attack to be stopped and the site up and running again. This doesn't just put companies at risk, but also consumers – the attack also includes data theft, meaning sensitive consumer information is also up for grabs.
Now, if you're part of the 40% of businesses who don't have a plan in place when a cyber ransom incident occurs, you might be wondering: what can we do?
1. Make sure software is up to date.
2. Plan ahead – would you be willing to pay if your system was attacked?
3. Be prepared to remove infected machines from your network.
4. Train staff on company practices for cyber security (don't open unknown links, etc.)
5. Backup data daily to off-network or off-site location.
6. Split up your network so an attack cannot affect the entire company.
Being aware of the problem is already a step ahead of many – keep a close eye on your network and you'll at least catch a problem early!