In 2016 the number of blackmail attacks by means of software multiplied strikingly. And ever more often such “ransomware” is now aiming to squeeze money out of small and medium-sized enterprises.
According to a report by “Fast Company”, recent estimates claim that there were a remarkable 638 million ransomware attempts over the past year, a drastic increase from the 3.8 million attacks registered in 2015. Nevertheless, AVG Business reports that every third small business has no inkling that this threat even exists.
Ransomware has long established itself as big business for cyber criminals. According to an IBM estimate they managed to blackmail a total of around a billion dollars out of their victims over the past year. During the first half of the 2016 calendar year, one single gang is said to have pocketed 121 million dollars. The internet thugs, who Kaspersky claims are often of Russian origin, first set their sights on private persons. But in the meanwhile, they also attack small and large firms alike, as well as public services.
Small and medium-sized enterprises are especially at risk, because they are often lacking in expertise, time or money for IT security. They are often also unaware of the value of their own data, the report goes on to say. Cyber criminals, on the other hand, have it much easier – they can buy pre-configured ransomware or simply rent a botnet consisting of computers which have already been infected, in order to infect other PCs.
According to Phishlabs it is by no means only Windows PCs which are now coming under attack, as ransomware is now also specifically being written for macOS, Linux and server operating systems. Attacks on Android are still low in terms of numbers, but are also on the rise. And blackmailers are also not holding back from the Internet of Things (IoT).
The means of attack for ransomware, and the other malware out there, has hardly changed over the years and 2017 should prove to be no exception – someone has to open a dodgy email, surf on an infected website or download dubious software. And to err is human. “The basic problem is that small businesses don’t often have the knowledge or bandwidth to deal with cyber security,” explains Professor Mark Skilton, of the Warwick Business School.
Most common anti-virus software has struggled to cope with the challenge that ransomware poses. That’s why Skilton advises companies to protect themselves, for instance by encrypting their data to prevent criminals from stealing it and publishing it on the (dark) web. He moreover recommends using a good public cloud service to provide a remote backup. Cyber-security could easily be exaggerated, however, warns the security expert: “You also need to think about what is the proportional level for your company.”
Tony Anscombe of AVG Business recommends using traditional security measures, such as anti-virus software (sure, that’s what his company sells) and backing up data regularly. The security firm Cybereason has developed a free security app called “RansomFree”. This software safeguards Windows computers by looking out for typical patterns in ransomware behavior. Once data has already been taken hostage by ransomware blackmailers, the project “No More Ransom”, which is run by Europol, the Dutch police, Kaspersky and Intel Security (formerly McAfee), may be able to assist by providing useful information in addition to helpful tools.
Warwick professor Skilton underlines the human risk factor. “Increase your employees’ awareness by asking them to think twice about clicking on links in a suspicious looking or unexpected email, especially if it’s purporting to have come from a more senior employee who happens to be on holiday,” the expert advises. Malware can be prevented from spreading, by restricting which person can see what in the system. “Don’t assume the brand-name internet-enabled printers or machines you buy are protected. Check first.”
By the way, IT security and cloud computing are also the most crucial topics for the German digital industry in 2017, according to the latest Bitkom trend survey. The runners up are the Internet of Things and Industry 4.0. Two-thirds (67 percent) of the companies surveyed cited IT security as the most significant technology and market trends of the year. “IT security is becoming even more important, because in the course of digitization critical systems such as vehicles, medical technical devices and machinery are increasingly being networked,” comments Bitkom CEO Bernhard Rohleder.
Businesses of all sizes can protect themselves from ransomware and other malware by securing their email inboxes with a managed cloud service such as Retarus E-Mail Security, in addition to having an up-to-date scanner on their end-points. Our brand new option “Patient Zero Detection®” can even determine retroactively, which persons may already have received brand new, and therefore as yet unknown, malware. For more details, please get in touch with your local Retarus contact person.