And How to Protect Yourself and Your Business with Cyber Security Awareness
According to the FBI, ransomware makes up about 85% of a reported 400% increase in cyber-attacks in 2020. Ransomware is one of the most expensive types of malware because attackers encrypt data and demand a ransom for its safe return. Criminals regularly come up with more sophisticated attacks, and with “Ransomware-as-a-Service” (RaaS), it is easier than ever to exploit individuals and businesses.
Ransomware-as-a-Service – RaaS is a subscription-based model where hackers write exploitation programs, sell these programs to other criminals, and take a cut of the ransom.
How does ransomware work?
Ransomware infects a system, network, or both. The ransomware program encrypts files, rendering these files useless and hindering a business’s daily operations. The criminals will decrypt the files in exchange for a ransom, which is usually hefty. While paying these criminals is illegal, it is often easier for a business to pay the ransom and resume commerce.
Ransomware criminals target unsuspecting email users, and many of the attacks come from spear-phishing emails. Nearly half of the people who open a spear-phishing email will click the links therein! This makes the odds of criminals landing a target pretty high.
Criminals target password lists, bank account information, financial data, PII, and more. Even if you back up your data, you may still be exposed. These criminals will often slowly encrypt files, including backups, making a restore nearly impossible in some cases.
Combat ransomware
Thankfully, the United States government has set up a Cybersecurity and Infrastructure Security Agency (CISA), which continues to respond to large ransomware attacks. However, it is much smarter to be proactive than reactive to a ransomware attack. Here are a few cyber security awareness steps you can take to protect yourself now:
- Check out CISA’s “Ransomware Readiness Assessment tool.”
- Install firewalls to protect networks.
- Only give access to data needed to do a job, and monitor networks and file access accordingly.
- Use strong passwords and multi-factor authentication where applicable.
- Use antivirus and antimalware software on all devices.
- Keep other hardware and software up-to-date.
- Encrypt data (stored and in transit) so that if there is a breach, the data is useless to a criminal.
- Make sure staff is trained to spot phishing techniques and to recognize other cyber security red flags.
- Back up data and store it off-site (not connected to your network) where possible.
Keeping ransomware at bay is a multi-step process. However, using cyber security best practices and having a well-trained staff can be an effective tool in preventing a ransomware attack within your organization.
Not all malware is ransomware. Malware-as-a-Service (MaaS) is a growing trend among cybercriminals. It is used to steal many kinds of sensitive information, including passwords, banking information, and more. Check out our MaaS article for a more in-depth look at how criminals are using MaaS to steal data.