You've logged on to your work computer. Your files are inaccessible and being held ransom by a hacker who's demanding payment. This is every business's worst nightmare; it's ransomware.
Ransomware is a type of malware that holds your files hostage in exchange for a 'release' payment. Since 2015, average ransom demands have ballooned from US$294 (approx. £200) to US$1, 077 - almost £800 - and that figure is growing. Security professionals now consider ransomware to be the top cyber threat affecting businesses and organisations, which means that you can't afford to ignore it.
So, where does ransomware come from and how do cyber criminals get it into your network?
Criminals deliver ransomware in different ways. Usually, it’s via links in malicious emails that trigger the automatic download of malware. This malware then takes advantage of vulnerabilities hidden in your software.
Kaspersky’s recent security bulletin states that vulnerabilities in internet browsers were the cause of 42.6 percent of malware infections, which include ransomware. Other cyberattacks exploited common software, such as Adobe Flash Player and Microsoft Office.
Once you download ransomware, depending on what type of ransomware it is, it can either lock your computer screen or encrypt your files using cryptographic keys.
The criminal behind the attack will then demand payment before they either unlock your screen or give you the private cryptographic key so that you can un-encrypt your files. Of course, paying the ransom is not a guarantee. Some criminals will take your money and leave you with nothing.
The bottom line: ransomware is dangerous for both you and your business. A company is hit with ransomware every 40 seconds.
Fortunately, there are simple ways to protect your business from these attacks.
If ransomware does get into your network, it's not the end of the world. Try to stay calm, focus and do not pay the criminals. There’s no guarantee that you will get your files back.
The safest thing you can do is shut down all the devices in your network and run a full security scan. Providing you have all of your information available elsewhere, you always have the option to wipe your devices clean and reinstall your data. If you require further assistance, act appropriately and refer to specialist IT support.
Note: this post was originally published on 21 September 2016. It has since been updated.