We’ve all heard about how major companies and government agencies have been victims of cyber criminals through hacking and other schemes. One of the newest and increasingly popular schemes for businesses to be alert about is “ransomware.”

Ransom is a type of malware that infects an Internet user’s system. Once there it locks all the files on a system, be it an individual PC or an enterprise system. There is then a message to you explaining that your system is locked and to get access to your files you have to pay the bad guy a sum of money. Though ransomware started as mostly attacks on solo personal computers, the black hat perpetrators soon realized that there was more money to be made by infiltrating a corporate computer system. Why attack and collect a few hundred dollars from a personal computer owner when they could and do get thousands from businesses? It was inevitable that the scheme would migrate to attack businesses.

There are many specific kinds of ransom malware, but the end result is that your entire system or key files are locked and to unlock them you pay the ransom. The problem with paying is that businesses think it is easier and cheaper to pay than it is to secure their systems from future attacks. This sets them up to be attacked on subsequent occasions.

To Pay or Not to Pay, that is the Question

Paying the ransom is not a decision left to security executives, it is a business decision. As such, consider the following reasons why you should not pay:

1. Payment encourages the criminals who stole and locked your data up to continue doing so to you and other companies. Some of the money you pay will likely be used to fund additional cyber crimes and give these bad guys the money to develop better and more advanced ways of attacking and ransoming data.
2. Paying ransom puts a huge target on your company. Not only will a cybercriminal attack you again, but associates talk to each other and you can be victimized by another black hat hacker. If you paid up once, the assumption is you will again.
3. Criminals are not trustworthy. So, paying the ransom may or may not get your data back. There are a number of cases where ransom was paid but files were never unlocked or returned.
4. Next time, count on paying more. And while personal computer attacks may only earn a few hundred dollars, corporate ransomware attacks have better payoffs. One example is Hollywood Presbyterian Medical Center. They paid $17,000 to gain access back to their electronic medical records system – and access was given back. But not until the hospital lost revenue estimated to top a half million dollars related to hospital efforts to gain access without paying a ransom and lost revenue from patients going to other hospitals.

Why Do Some Companies Pay?

Because if they do not, they lose their data and the ability to function. Estimates are that just one gang of cyber criminals collected more than $325 million in just two years.

A Better Alternative to Paying Ransom!

The best way to avoid paying for ransomware, should you be attacked, is to have a sound backup system that is stored off-site and in the cloud. The redundancy is so that you can quickly retrieve stored items in the cloud and get back into your business operations and also have a backup offsite if needed by partner businesses whom you allow to access your system. After all, you will have to change all security settings at a minimum.

Other Ways to Fight Ransomware

• In addition to backups, remind everyone who accesses your IT system that they should never open an email from a person they do not know or download a link from an email that is not familiar to them.
• Web sites are another source of infection by ransomware. Avoid going to sites you don’t know or trust and never download software except from a trusted software site.
• Keep all of your software updated, especially your system’s operating system. But other programs such as MS Word or Excel are also vulnerable to ransomware, so keep them updated too. It is also a great idea to download MS Office Viewers so files can bypass Word or Excel.

CPU, Inc is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at (419) 872-9119 or send us an email at info@CPUonline.com for more information.

Published on 26th July 2016 by Jeanne DeWitt.