Last year’s attack on Sony is perhaps the most famous recent example of ransomware, but new increasingly sophisticated forms of the malware are on the rise.

To make matters worse, the scale of the problem is hard to know, because new research suggests many incidents are going unreported!

Ransomware is like digital kidnapping. An attacker encrypts the victim’s computer, or even individual files and charges a ransom for their safe return. If the ransom isn’t paid the files are destroyed and files seemingly lost forever.

Individuals, businesses, colleges and government agencies have all been among targets of ransomware. Any institution or individual that has critical files or systems are potential targets for ransomware attackers.

Even gamers were recently targeted, with the threat of losing their online creations providing the leverage.

Businesses in particular though can suffer at the hands of ransomware as shown in a recent attack targeting Danish chiropractors. The victims received an email from a potential new patient who conveniently provided past medical records via cloud storage service Dropbox. Once opened, the PacMan malware springs into action and encrypts essential business files containing valuable medical information.

Here in the United States, both the FBI and the White Collar Crime Center advise you to report ransomware threats or events to the agency at www.ic3.gov, and importantly, they advise against paying the ransom!

New research by ThreatTrack suggests that 30% of companies surveyed would negotiate and essentially “pay up” for the recovery of data. More notably, 55% of those that had previously been victims of ransomware said they would pay up again!

It also appears many incidents are likely going unreported, according to the ThreatTrack survey. Why? Likely because companies don’t want to suffer public scrutiny and humiliation or, perhaps, to encourage copycats.

 

What’s to be done?

The government and those of us in the security industry advise the first line of defense is preparedness.

Some basic tips include:

• Educate yourself and employees about ransomware.
• Regularly back up your data – and make sure a copy is stored offline.
• Install and enable antivirus protection.
• Make sure you keep all your systems and programs up to date.
• Beware of links, and attachments. If in doubt, do not open it!

You can also stay abreast and get information on malware and other security threats here on the blog.

As with disease in the real world, prevention is sometimes the best cure in the digital world. It may seem like a bother, but having a preventative strategy could save you pain in the long run.