Ransomware is malicious software that will encrypt data then hold it for ransom, hence the name. Cybercriminals make you pay in order to gain access to your data again. This is a way that hackers can extort money from you and other hard-working business owners. The process of dealing with ransomware can have a high cost, as even if you do not pay the ransom, your business will suffer downtime.
Based on Verizon’s 2018 Data Breach Investigations Report, occurrences of ransomware doubled in 2017 in comparison to 2016, making up 39 percent of all cybercrime. 76 percent of all reported breaches were motivated by financial gain. To start protecting your business, be aware of these top methods hackers use to get ransomware into your business, and take steps to prevent them.
Opening Email Attachments
It is common for cybercriminals to send a phishing email that includes a malicious attachment but appears to be a document that a colleague sent. After you download and then open the attachment, that malicious code will exploit a handful of vulnerabilities. At this point, your computer downloads the ransomware application, where it runs in your system’s background and begins encrypting files.
Clicking Incorrect Links
If you are online and accidentally hit the wrong link, it can take you to a website that will scan your browser in search of a set of known vulnerabilities. Once the website finds one, it takes you to another website that will exploit that particular vulnerability so it can download then install the malware. It is also common for hackers to use a phishing email that will get you to click on one of these malicious links. The result is the same whether you click the link from an email or while on a different website.
Keep in mind that whenever you download an application on your computer, mobile device, or other type of technology, hackers want to take advantage of it. If you do not know what you are looking for, you could type your chosen program into your web browser and accidentally click on an advertisement that takes you to a different website instead of the official one. Unless you download directly from the manufacturer’s website, there is no way to know whether the application is what it claims to be instead of a version riddled with ransomware and other malware. Avoid this by always going to the manufacturer’s website for a direct link to any application before downloading it, whether it is for a mobile device or computer.
Using Social Media
Since social media websites have large user bases, all of which use smartphones, tablets, or computers, they are the perfect target for ransomware-based attacks. Hackers can create accounts on social media and use it to impersonate someone you know. They connect with you via the platform and post an image or link in hopes that you will click on it. From there, the process is the same as clicking on the wrong link as mentioned above.
Using CDs Or USB Drives
Although the internet is a common source of ransomware, that is not always where problems can arise. Sometimes, hackers will gain access to your system to insert a CD or USB drive. They may not even do this directly, as sometimes, they will leave an item unattended by a business in hopes that an employee plugs it in to discover the owner. There was even a famous incident in 2005 where Sony implemented a copy protection measure that ended up making changes you could not undo and accidentally opened your system up to exploitation. That was over a decade ago, and it was an accidental consequence from a well-respected company. But just think of the possibilities for a hacker with bad intentions.
Exploiting Unpatched Systems
As a general rule of thumb, many of the above vulnerabilities only exist in unpatched systems, which is why hackers always hope that small businesses and users do not take the time to complete updates. Regular updates and patches from your software can get annoying, but they are necessary to stay up-to-date with ever-advancing hackers. Unless you install patches when prompted, your system will remain at risk, so take a few minutes each week to complete updates.
Ransomware can cause serious financial losses, either from paying the ransom or through downtime. There is hope, however, as awareness of the most common methods that ransomware enters your business puts you on the alert and prevents issues.