Are you one click away from disaster? Trust me when I say that, yes, most likely you are only one click away from the modern-day equivalent of e-kidnapping that IT experts refer to as ransomware. Ransomware incidents are so pervasive that the U.S. Justice Department reports that over 4,000 of these attacks have occurred every day since the beginning of 2016. Every day? Seriously? PhishMe research found that 93 percent of phishing emails now contain some form of ransomware.
What is Ransomware?
Ransomware can be introduced into your system when an employee accidentally opens an email file attachment without first verifying its authenticity with the sender. Ransomware locks your computer or mobile device, or encrypts your files, holding them ransom until you pay a fee to the cybercriminals who hold them hostage. If you don’t pay the ransom, cybercriminals can delete your photos and documents for good, or lock you out of your computer or mobile device permanently.
Ransomware is one of the most prolific threats to financial institutions today. According to a recent article posted on CryptoCoinsNews, citing the U.S. Justice Department, ransomware attacks quadrupled in 2016 with an average of 4,000 per day. The FBI has previously revealed that ransomware costs amounted to $209 million in the first three months of this year, compared with a total of $24 million for all twelve months of 2015.
To Pay or Not To Pay – The FBI Changes Position
At a recent Federal Trade Commission Fall Technology Series event, Will Bales, supervisory special agent for the FBI’s Cyber Division, said that businesses or individuals targeted by ransomware should refuse to pay the ransom, as reported in Dark Reading. This contradicts the earlier belief that paying a ransom in order to release your captive data was the most expedient plan. Clearly, paying any criminal in exchange for the release of stolen data will simply result in more attacks and bigger paydays for the bad guys.
It takes mere moments to ask your colleague if they intended to send you a file attachment. It can take weeks and thousands of dollars to recover from a security incident when users are careless.
Offline Backups Are Essential
Store data in locations inaccessible to your primary system. Backups can enable your IT department to restore hostage data without the need to pay ransoms or deal with incredible losses in efficiency.
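A backup only helps if the copy is intact and can actually be restored, so an offline backup should be checked against a record taken when it was made. The following script is an added example written for this post, not code from the original article or any vendor: it copies a directory to a location standing in for offline storage, records a SHA-256 manifest of every file, and later compares both the live tree and the backup against that manifest, so an altered file or a dropped ransom note on the primary system shows up while the offline copy verifies clean. The directory names, file contents and the simulated tampering are all constructed for the demonstration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

CHUNK = 65536  # read files in 64 KiB pieces so large files need not fit in memory


def sha256_file(path: Path) -> str:
    """Stream one file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def make_backup(src: Path, dest: Path) -> dict:
    """Copy src into dest/data and write dest/manifest.json.

    dest stands in for offline storage that the primary system cannot write to
    (assumption for this example: a real deployment would use removable or
    network-isolated media, not a sibling directory)."""
    data = dest / "data"
    shutil.copytree(src, data)
    manifest = build_manifest(data)
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def compare_to_manifest(root: Path, manifest: dict) -> dict:
    """Report files that are missing, altered, or unexpected relative to the manifest."""
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "changed": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def verify_backup(dest: Path) -> dict:
    """Restore drill: confirm the backup copy still matches the manifest taken when it was made."""
    manifest = json.loads((dest / "manifest.json").read_text())
    return compare_to_manifest(dest / "data", manifest)


def demo() -> dict:
    """Constructed scenario: back up a small tree, simulate ransomware touching the
    live copy, then check both copies against the manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        backup = Path(tmp) / "offline_backup"
        (live / "docs").mkdir(parents=True)
        (live / "docs" / "report.txt").write_text("quarterly numbers\n")
        (live / "docs" / "notes.txt").write_text("meeting notes\n")
        manifest = make_backup(live, backup)

        # Simulated tampering on the primary system (constructed, not real malware):
        # one document overwritten with junk, one ransom-note file dropped.
        (live / "docs" / "report.txt").write_bytes(b"\x00encrypted\x00")
        (live / "docs" / "README_DECRYPT.txt").write_text("constructed ransom note\n")

        return {
            "live_vs_manifest": compare_to_manifest(live, manifest),
            "backup_check": verify_backup(backup),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the script prints `docs/report.txt` under `changed` and `docs/README_DECRYPT.txt` under `unexpected` for the live tree, while the backup check comes back empty on all three lists. The manifest should be stored with the backup and also kept in a third place; a manifest that lives only on the primary system can be altered or encrypted along with everything else.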
Slow Down Those Click-Happy Employees!
A low-tech but equally effective method of preventing malware from infecting your system is to simply add an additional prompt that reminds the user to evaluate, verify and proceed with caution before opening a file attachment or clicking on a hyperlink.
It is really important to impress upon your workforce how easily a file attachment can lead to the introduction of viruses, malware and specifically ransomware. Employee awareness diminishes over time without practice. Educational messages need to be combined with a real-life “fire drill” practice.
Test your employees’ knowledge and awareness of suspect attachments and phishing threats by organizing regular IT fire drills. Send out test emails and evaluate how many of your employees actually click on the test attachments. Report your findings to everyone in the interest of reducing the number of negligent employees who may represent your next click away from disaster.
Speak to a variety of ransomware specialist vendors to properly vet and layer on the endpoint security tools that will best suit your organization. This approach isn’t a silver bullet. You will need to maintain staunch security policies and combine endpoint security tools with frequent data backups to round out your arsenal.
Want to know more? Join me on October 20, 2016 for the CO-OP FraudBuzz webinar. We will discuss ransomware and listen to our credit union audience as they share stories and points of view about fraud, scams and financial crime. And follow me on Twitter @COOPFraudBuzz.