What is Ransomware?
Malicious software that locks your files and demands payment to access them.
Ransomware is a term for the many variations of malware that infect computer systems, typically by social engineering schemes.
A cryptovirology attack encrypts critical files and systems and renders them inaccessible to the owner.
Ransomware sometimes marks the files for permanent deletion or publication on the internet. The perpetrators then demand a payment (usually in untraceable cryptocurrency like Bitcoin) for the private key required to decrypt and access the files. Infamous ransomware examples include CryptoLocker, CryptoWall, Locky, Cerber, KeyRanger, SamSam, TeslaCrypt, TorrentLocker, and Reveton.
Who are Ransomware Perpetrators?
Cybercriminals who profit greatly by violating businesses that rely on data as a lifeblood.
Ransomware cybercriminals are organized and profitable. It is estimated that this type of attack earns criminals $10 million to $50 million per month.
There are entire ransomware outfits working out of office buildings, making the stealthy and disruptive pieces of malicious software, and designing deceptively simple schemes to infiltrate small to medium sized businesses.
The criminals are business-minded innovators. Recently, a Ransomware-as-a-Service organized cybercrime ring was discovered, which infected around 150,000 victims in 201 countries in July 2016; splitting profits 40% to malware authors and 60% to those who discover new targets.
The overhead is low, the profits are high, the Bitcoin is anonymous, the list of targets is endless, the technology is not overly complicated, and the odds of getting caught are low. Ransomware perpetrators are sophisticated, profit-hungry, cybercriminals on the lookout for unsuspecting SMBs to violate.
Could my business be a Ransomware victim?
In a word: Yes.
Ransomware perpetrators cast a wide net. They target small to medium sized businesses with IT security loopholes, valuable data, and a modest budget to pay the ransom.
If data is important to your business, you are a target.
To get in to your systems, they may send a phishing email to your staff. Because 94% of people can’t distinguish between a real email and a phishing email 100% of the time, they get in. And if they don’t, they try again until someone somewhere clicks the link.