What You Need to Know About Ransomware — Plus How We Can Help You Avoid This Disastrous Malware
Lethal scams are making headlines, as well as millions of dollars for hackers, so it might be time to revise your company’s security plan.
Many businesses think they’re safe from cyberattacks because their data are only valuable to their own operation. Then came ransomware, which takes over your network, encrypts your data and holds it hostage for ransom. It’s simpler and far more lucrative than other hacking operations, and it means that data that matters to no one else but you now can turn a profit for hackers.
“Hacking into networks involves numerous steps and provides mere pennies for personal information like a credit card number, social security number or password. Ransomware is different in that it pays big bucks and makes it so that everyone out there, regardless of the data they have, is a potential target for every hacker in the world,” says Dave Sloan, Founder and President of Affinity Technology. “Using malware, criminals have created profitable, nefarious businesses.”
Sophisticated ransomware emerged in 2013 with the viruses CryptoLocker and Cryptowall. Since then, several ransomware attacks have made the news, including incidents involving Maryland’s MedStar Health hospital network and a police department in Illinois. Hollywood Presbyterian Medical Center in Southern California paid about $17,000 in Bitcoins to regain access to its data this year. A school district in South Carolina got hit in April, paying $10,000 to get back its data. The FBI estimates that businesses and individuals paid $27 million to unlock their data from ransomware attacks in 2015.
“The best way to fight ransomware is to not get it,” Dave says. “The level of security used for the encryption is too robust to crack open, so if it gets into your system, you’re in dire straits.”
What to Do to Protect Your Data
The rise of this new threat is changing the way businesses and security companies think about data protection. For many years, your partners here at Affinity Technology have been providing sophisticated security assessments and protections designed to be all-encompassing. We started this protection in a simpler time when criminals tried to break into networks to obtain data they could sell, like credit card numbers and customers’ personal information. Data protection is now more complicated, and different types of businesses need different levels of security.
“We’re in a more complex world and at a crossroads where for many businesses, that level of security is no longer sufficient,” Dave says. “What will truly be comprehensive for your business will take into account your compliance requirements (such as HIPPAA, PCI, public sector SOX and regulations for small merchants accepting credit cards), your vulnerability and your personal risk tolerance. Together we can make decisions about the level of security and threat assessment testing necessary for your business. We’re still doing that job just as well as we promised we would, but with so many new threats coming in every single day, the reality is: That might not be enough and we need to have a conversation to assess your risk.”
Here’s how to protect yourself and your business:
Schedule a free consultation with Affinity Technology to assess your level of security, so that together we can create an updated plan for protecting your data. Call us at 602-439-4989 or email us today.
Never click on an attachment from a suspicious email address. If the email looks off — has misspellings, is from someone you know but reads oddly, has offers that are too good to be true or asks for sensitive information — don’t download the file.
Watch out for zip and .EXE files, as well as executable programs embedded into documents. Zip files are executable files by default, so be especially careful when downloading one. These days you can be duped into running programs embedded in Word DOCs and Excel XLS files as well.
Be suspicious of all links within emails or advertisements. Cryptowall infects computers by sending malicious emails that appear to be from legitimate businesses or by using advertisements on popular websites. The links direct to ransomware. Here’s an example: An IT professional profiled on NPR revealed how an employee received an email that appeared to be from PayPal saying the recipient had received money. The compromised link loaded the computer with ransomware, and the business lost 14 years worth of data.
“Even if an email appears legitimate, don’t click the links from the email, instead open a separate browser to visit the website directly,” Dave says. “If the email looks like it comes from someone within your organization but contains suspicious links, call that person to confirm the email is legitimate rather than risking a ransomware infection.”
Back up your information offline. “If your machine or business network gets taken over, this is the best way to get back your data. But it’s not foolproof and will still cost time and money. So, again,” Dave says, “the best way to fight ransomware is to avoid getting it.”
Keep your antivirus protection, operating system and other applications up to date. These updates primarily address security vulnerabilities or performance issues.
Rely on Affinity Technology to keep your business safe. “Our job at Affinity Technology is to know where the vulnerabilities are and make smart decisions for your organization about how to keep your data safe,” Dave says. “That goes beyond patches. We use sophisticated firewalls, better antivirus software, GEO fencing, penetration testing and internal security assessments specifically tailored to your individual business. We can help make businesswide decisions to keep you safe. We put our proactive security, business continuity management and monitoring services to work for you, preventing breaks and fixing vulnerabilities before they can compromise your business performance. The level of security you need depends on your business and is something we want to discuss with you as your partner.”
Call us at 602-439-4989 or email us today for a free consultation so that together we can update your security plan and procedures.