Here are some easy-to-apply rules to help keep your data - and your business operations - safe.
Crypto-ransomware, also known as cryptors, is a specific type of ransomware where the files and data that are stored on the infected device are encrypted into an unreadable form. This means the data can only be decrypted by using the necessary decryption key, which is only released by the criminal after the victim has paid the ransom demand.
Consumers affected by crypto-ransomware are usually faced with demands of $500 to $1000, but ransom charges for businesses can be much higher as cybercriminals understand just how valuable data can be. If the ransom goes unpaid, the price will steadily increase until the decryption key is deleted, making it virtually impossible to recover the files. But even if a ransom is paid, there's no guarantee the data will be unencrypted.
A recent survey by Kaspersky Lab found that despite the increase in ransomware attacks, only 40% of companies consider ransomware to be a serious danger. This attitude can lead to security weaknesses that can be exploited by cybercriminals.
A temporary loss of data can disrupt business-critical processes, and could lead to lost sales, reduced productivity and significant costs for system recovery. However, the permanent loss of data can have much more severe consequences, from damaging the company's competitive position to preventing access to intellectual property and design data.
In common with most other types of malware, there are many ways in which a cryptor can find its way onto business computers and other devices. Here are some easy-to-apply rules to help keep your data - and your business operations - safe.
People are often the most vulnerable element in any business. Teach employees about IT security basics, including raising awareness of phishing and spear-phishing attacks. Emphasise the security implications of opening suspicious-looking email attachments, even if it appears to be from a trusted source.
Regularly back up data:
Almost all businesses will already have data back up policies. However, it's also essential to back up data onto an offline backup system, rather than just copying files to another 'live' system on a corporate network. Establishing a 'back up and disconnect' policy will help keep backup files safe from cryptors.
Protect all devices and systems:
Cryptors don't just attack PCs. Business security software must also be able to protect Mac computers, virtual machines and mobile devices. It is also worth ensuring there is sufficient protection installed on the organisation's email system.
Deploy and maintain security software:
As with all malware prevention, updating early and often is a valuable policy to follow. Updating all applications and operating systems will allow elimination of newly discovered vulnerabilities, and ensuring security applications and anti-malware databases are up-to-date will ensure the business benefits from the latest protection.