Ransomware’s launch in 2016 quickly created a billion-dollar business which many experts believe will continue to dominate the security threat landscape in 2017. Ransomware is a type of malware installed on a computer or server that encrypts files, making them inaccessible until a specified ransom is paid. These ransoms are typically demanded in bitcoin, an untraceable online currency. Once converted they have been reported to be as high as $1,338 USD, but typically average $722 USD. But should you pay?
In a recent study conducted by Trend Micro, 75% of polled corporations which had never been victimized by ransomware stated they would not be willing to pay the ransom if they were to get infected. The same study states that 20% of organizations that do pay never get their data back, and the average time to clean up the infection is around 33 hours.
Alternatively, 66% of organizations who were targeted by ransomware paid the ransom. 37% of organizations who paid the ransom felt they would rather pay and quietly make the problem disappear than worry about regulatory fines involving the data breach or suffering loss of reputation in the public eye. These results continue to explain how companies that have never fallen victim to a cyber-attack frequently underestimate the seriousness of a breach until it happens to them.
What are my options?
In July of 2016, www.nomoreransom.org launched as an alternative solution. The site allows you to upload encrypted files for analysis in an attempt to understand how to unlock them. They have claimed to have saved 6,000 victims more than $2 million USD since the websites launch.
How do I avoid becoming the next victim?
Security Vitals recommends backing up often. Scan your systems frequently to ensure that you are not backing up malicious code that may be lying dormant. Some variants of malware may sit for up to 3 months before unleashing its true intent upon your network.
Another recommendation is to know the software you are using. If you meant to install it, keep the software up-to-date to prevent attackers from exploiting it. If you aren’t using the software, get rid of it.