It seems like every year there’s a new threat that dominates the cyber security landscape and sends shockwaves across the industry. 2017 has been no different in that regard, except the threat causing all the hoopla isn’t really all that new. Ransomware has been around for a while, but this year it captured everyone’s attention with multiple high-profile incidents that compromised countless data records.
True to its name, ransomware is a cyber threat that infiltrates your system, captures data and holds it for ransom. It does so with the help of encryption, preventing victims from accessing affected files or even entire operating systems. Targeted users are then given a choice: Fork over hundreds or thousands of dollars to get their assets back, or lose them forever.
It’s a scary scenario for anyone, but small and medium-sized businesses may be particularly at risk given their less sophisticated security tools and lack of redundancy compared with larger organizations.
Throughout the year, ransomware has carved out a path of destruction, hitting institutions across the globe:
May 2017: Cyber criminals used the WannaCry ransomware to attack major organizations across Europe, including the U.K.’s National Health Service and Spain’s Telefonica. Hundreds of thousands of machines were infected, compromising a massive number of data files.
June 2017: In the wake of WannaCry, a similar strain quickly emerged: Petya. Exploiting the same vulnerability as WannaCry, Petya spread across the globe with alarming speed, with Europe again being the focal point of activity.
August 2017: Locky, a specific strain of ransomware that first appeared in 2016, reared its head once again. Data thieves sent out more than 23 million emails infected with Locky in a 24-hour window, resulting in one of the single largest malware campaigns ever recorded.
September 2017: The RedBoot threat blurred the line between ransomware and wiper by not only encrypting files, but also removing the Master Boot Record (MBR) and replacing the partition table. The real kicker here is that RedBoot’s creators failed to provide a way to restore the MBR even in the event that the ransom was paid.
Defend against ransomware with data security solutions
There is no greater threat out there to SMB data than ransomware. Once you’re infected, there’s a good chance you’ll never regain access to the compromised assets, as there’s no guarantee that cyber criminals will honor their agreement to restore encrypted files upon payment. In fact, they may feel emboldened to demand more money. For those wondering how to remove ransomware, the answer is, in many cases, you can’t without doing a total reset and wiping your system clean.
Instead of relying on the honor of data thieves, take actionable steps to protect yourself. First, always keep your PCs and other machines up to date. Many strains of ransomware rely on unpatched vulnerabilities to infiltrate systems, so adhering to diligent patch management practices will help immensely.
Second, always have a backup plan in the event that critical files and assets are compromised. The threat of ransomware loses its fangs when you have backup records readily available. A good rule of thumb is to follow the 3-2-1 backup protocol: Have at least three copies of every file, with two stored onsite and one offsite. Doing so provides redundancy in the event of a cyber attack as well as other disruptive events.
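A backup rule only helps if someone checks that it actually holds for each file. The following is an added example, not part of the original article: it audits a backup inventory against the 3-2-1 rule as stated above and also flags copies whose contents no longer match the others, which goes one step beyond the rule itself. The inventory format, location names and digests are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed inventory: (file, copy location, site, digest of that copy).
# Locations and digests are made up; real digests would be SHA-256 values.
INVENTORY = [
    ("ledger.xlsx", "workstation", "onsite", "digest-A"),
    ("ledger.xlsx", "nas", "onsite", "digest-A"),
    ("ledger.xlsx", "cloud", "offsite", "digest-A"),
    ("payroll.db", "workstation", "onsite", "digest-X"),  # altered on disk
    ("payroll.db", "nas", "onsite", "digest-B"),
    ("payroll.db", "cloud", "offsite", "digest-B"),
    ("contracts.zip", "workstation", "onsite", "digest-C"),
    ("contracts.zip", "nas", "onsite", "digest-C"),
]

def audit_321(inventory):
    """Return {file: [problems]} for files that miss the rule as stated above:
    at least three copies, two onsite, one offsite, and all copies identical."""
    copies = defaultdict(list)
    for name, location, site, digest in inventory:
        copies[name].append((location, site, digest))
    findings = {}
    for name, entries in sorted(copies.items()):
        problems = []
        sites = Counter(site for _, site, _ in entries)
        if len(entries) < 3:
            problems.append(f"only {len(entries)} copies, need 3")
        if sites["onsite"] < 2:
            problems.append("fewer than 2 onsite copies")
        if sites["offsite"] < 1:
            problems.append("no offsite copy")
        # Heuristic: treat the most common digest as the reference. A digest
        # recorded at backup time is a stronger reference where one exists.
        reference = Counter(d for _, _, d in entries).most_common(1)[0][0]
        for location, _, digest in entries:
            if digest != reference:
                problems.append(f"{location} copy differs from the others")
        if problems:
            findings[name] = problems
    return findings

if __name__ == "__main__":
    for name, problems in audit_321(INVENTORY).items():
        print(name, "->", "; ".join(problems))
```

A copy that differs from the others is worth investigating before the next backup run overwrites the remaining good copies.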