
What is Ransomware?

Ransomware is a category of malware that encrypts files on a victim’s computer and keeps them locked until the victim pays up. If you don’t pay the criminals who spread it (up to $5,000 per user, according to the FBI), you lose the files forever.

Imagine you arrive at your office to find all your computers padlocked, and a man in a mask demanding $5,000 per user to give you the key. That’s what ransomware is like.

Numerous tech publications have listed ransomware among the biggest digital threats facing businesses today. This is due to its capacity to slip through corporate security and its potential to replicate itself across a corporate network. The first ransomware targeting Macs has recently been spotted in the wild.

If your company gets infected, you face two very hard choices: either spend multiple days recovering the locked files from backups (during which time you’ll endure user downtime, lost sales and angry customers) or pay ransom to an organized crime syndicate.

THE SCOPE OF THE THREAT

Below are the results of a survey of nearly 300 IT experts about the crypto-ransomware threat. The survey respondent panel was carefully screened to include people who consult with businesses of all sizes on setting up and maintaining IT infrastructures. These are the men and women who are on the front line of business IT challenges.

The survey revealed three key findings: the biggest cost to businesses is downtime, not the ransom payment; ransomware is targeting bigger businesses and spreading within corporate networks; and a widespread lack of business continuity planning is what makes ransomware so dangerous (and so lucrative for criminals).

Paying ransom is the least of your worries

When asked to name the business impact of ransomware outbreaks that these consultants have assisted with first-hand, the actual cost of the ransom came in dead last. In other words, contrary to popular belief, the worst part of ransomware is hardly the ransom.


Downtime lasts for days

Infected computers need to be immediately isolated from the network to avoid spreading the malware. This leaves users without access to their PCs while IT contains the infection and restores the devices. But even if they can get to their files through alternate devices, the files themselves are encrypted and thus unusable.

There are business continuity solutions that enable you to instantly roll back your file folders to clean versions and access them using alternate devices. (More on this below.)

But the survey results suggest that few businesses have business continuity solutions in place: 82% of business users lost access to data for at least two days, and 32% lost access for five days or more.


Downtime occurs even if you pay the ransom

An infected computer must be wiped and restored. 52% of experts reported that the wipe-and-restore process took two or more days for the infected devices.

Also note that 19% of companies that paid the ransom still didn’t get their files back.

PREVENTING RANSOMWARE

Like most forms of malware, ransomware infections may arrive through malicious web pages, infected thumb drives, or other common attack vectors. But the most common infection vectors are email-based—specifically, phishing emails.

“Phishing” is when criminals send a seemingly legitimate email that disguises a malware-laden attachment or link to an infected website. Criminals often use phishing to trick users into submitting sensitive information such as passwords or credit cards; but these days, they’re also using it to spread ransomware.

Phishing is particularly well-suited to ransomware. In a recent study(1), 94% of people couldn’t tell the difference between a real email and a phishing email 100% of the time. When study participants received an email that was spoofed to appear as if it was sent by UPS, 62% trusted it enough to click the link.

Protection against ransomware goes hand-in-hand with phishing prevention. Here are your top three activities:

Protect

Your email defense should go beyond spam and virus scanning. It should also be sophisticated enough to recognize and block phishing attempts.

Educate

Technology can only go so far to stop phishing. Employees and executives have to be trained to spot phishing emails before they click.

Prepare

While you need to block every single attack, the criminals only need to succeed once. Plan in advance for how you'll contain the damage before they do finally break through.

Is your data protected against ransomware? Star Computer Services offers a business continuity solution for ransomware. Among its benefits: users stay up-and-running during a ransomware outbreak. Learn more here.