Companies are Facilitating their Own Cyber Blackmail, report finds
Ransomware attacks have quadrupled in the past year because companies like yours are paying up!
A report released by insurance underwriter Beazley last week found the lure of an easy pay-day, combined with the ease of buying easy-to-operate ransomware kits, had made the attacks a real growth industry for cyber-criminals.
“From what we are seeing, it appears that many hackers are finding it easier to make money by holding companies to ransom for bitcoin than through selling personal data on the dark web,” Katherine Keefe, global head of Beazley Breach Response Services (BBRS), said.
FBI Cyber Division section chief Chris Stangl agreed, calling ransomware “a prevalent, increasing threat… (which is only) successful because people pay”.
How does the scam work?
Most ransomware infiltrates your network when you, or your staff, click on a seemingly authentic email that is infected by malware (Phishing email).
To put this in perspective, according to research just released from security firm AppRiver, more than 14 million Locky ransomware-infected Phishing emails were recently sent to unsuspecting victims in what’s called a spray-and-pray approach. And that’s just the tip of the iceberg.
Once installed, the malware hijacks and encrypts your valuable data, blocking you and your staff from accessing said data until a ransom is paid.
Why pay up?
Cyber-criminals are smart, requesting relatively small amounts of money (untraceable bitcoin up to US$1,000), to release your information.
This means it’s often easier just to hand over a small amount of money than wade through loads of poorly arranged backup material.
Or, in some cases, companies simply have no choice but to pay up because they don’t have any backup systems in place and simply can’t operate without their data.
The Beazley Breach Insights report, was based on the insurer’s client data breaches in the first nine months of 2016.
During this time, the BBRS unit managed 1,437 data breaches on behalf of clients, compared to 931 breaches during the same period last year.
The main targets were:
- Financial services
- Retail and Hospitality sectors.
But no industry is really immune.
What does this mean to you?
Once the ransom has been paid, you’re then faced with the costs of evaluating the damage to your network, your brand, your productivity, and updating your security to ensure you’re never compromised again.
In 2015 the FBI reported American companies alone had lost more $1.07 billion to cybercriminal activity, including ransomware.
How to spot a fake email:
Don’t be lulled by colour-schemes. Take the time to actually read emails before acting on instinct, and use your common sense. Spelling mistakes, bad grammar, and inappropriate domain names are dead giveaways.
How can we help?
ComputerOne can offer you a number of strategies to help keep you one step ahead of the hackers.
Firstly, we can provide you with basic email templates to remind your staff on how to be on the lookout for fraudulent emails, especially if you’ve already been hit by ransomware before.
Secondly, we can segregate your data, especially your most valuable information, in a well-structured backup plan so your company can never be held to ransom.
Thirdly, we also offer Application Whitelisting, which treats anything unknown as a potentially bad file and prevents it from accessing your system.