On both the enterprise and consumer side, ransomware is a rapidly growing form of malware that effectively holds a user’s device or files at electronic gunpoint.
Ransomware infects a machine and renders it unusable until a ransom is paid to either unlock the computer or decrypt the data. Levels of attacks can vary and often it uses scare tactics, deadlines and intimidation to trick victims into paying up.
In recent months, most ransomware has been distributed via attachments in emails. Though ransomware threats can be advanced, its efficiency hinges on two factors: tricking people into clicking on malicious content and banking on them not having advanced threat protection.
- University of Calgary announced this week that they had paid a ransom of $20,000 CDN, a week after an initial attack which targeted staff and faculty emails.
- The Hollywood Presbyterian Medical Center, a Los Angeles-based hospital, had its computers taken hostage by a piece of ransomware called Locky. After being offline for a week, officials eventually had to pay $17,000 in Bitcoin to regain access to patient records. MedStar Health and a hospital in Kentucky were recently hit with similar attacks.
- Lansing Board of Water & Light, an American public utility, recently became the first example of a utility being successfully compromised by ransomware which took the company’s internal computer systems offline. The attack took place when one of the company’s employees opened a malicious email attachment.
The best defense against this increasingly popular cyber crime is a good offense. Operating systems, firmware, software and applications need to be patched and remain up-to-date to limit the vulnerabilities that are available for criminals to exploit.
In addition, organizations should prepare for the worst by backing-up systems regularly and investing in cyber insurance so that the business can make a full recovery in the event of a ransomware incident.
Download Agari’s executive brief on the Top Phishing Attacks of 2016 to learn more about best practices to stopping phishing attacks.
You can also check out the other posts in the Top Phishing Scams series: