Ransomware attacks – where cybercriminals take control of your files and demand a ransom for their return – are nothing new. The first instance of such an attack can be traced all the way back to 1991. A biologist spread PC Cyborg – the first-ever ransomware – by sending floppy disks through the mail.
The ransomware threat evolved steadily over the years until it exploded in 2017 with a rapid increase in the number of ransomware attacks worldwide. The severity – as well as the ubiquity – of those attacks caused the threat to hit the headlines.
Enough to make you cry
One of the most infamous ransomware attacks was WannaCry in May 2017. It swept across Europe and caused untold chaos. Within just a few days over 250,000 instances of WannaCry were detected in 116 countries. It closed hospitals in Ukraine, and crippled elements of the UK’s National Health Service. Organizations, businesses, and individuals everywhere were rightly becoming worried about ransomware. Yet fast-forward to 2019, and ransomware no longer seems to make the news. You’d, therefore, be forgiven for thinking it had quietly passed into history.
Should you still be worried about ransomware?
Unfortunately, the answer to that question is a resounding yes. Just ask the local government and residents of the city of Baltimore. In May this year, the city suffered from a crippling ransomware attack called RobbinHood. It took all government servers offline, except for those dealing with essential services. The attackers demanded 13 Bitcoin to restore control, but Baltimore’s mayor refused to pay. It took the city until well into June to regain (almost) full control of their systems once again. By that point, it was estimated that they’d spent over $18 million in direct response to the ransomware attack.
That’s not the end of the story, either. For a number of reasons, today’s ransomware attacks pose an even greater threat than those of 2017. The reasons stem primarily from the more sophisticated organization being displayed by today’s cybercriminals. A phenomenon called Ransomware as a Service (RaaS) is a prime example of this. RaaS is growing more prevalent amongst the cybercriminal fraternity. It involves nefarious individuals ‘buying in’ to a kind of affiliate scheme. They get a percentage of the profit extorted from ransomware victims, in exchange for distributing the relevant malicious code.
Defending against ransomware
These are a few simple but useful tips to limit your risk of suffering a ransomware attack:
Back up, back up, and back up again.
A key reason why people tend to be worried about ransomware is its ability to lock you out of your own files and systems. If you perform regular backups of those files and systems, you take that power away.
Update and patch.
It’s imperative that you keep your server and other software up to date. Newer, updated versions of the software fix any security vulnerabilities that may have been discovered. Antivirus, firewall, and other cybersecurity tools should also be regularly updated.
Be on the lookout for phishing.
A 2019 Verizon data breach insights report revealed that 32% of all cybersecurity breaches involved phishing. You should never open or respond to unsolicited emails, texts or IMs unless you can confirm their legitimacy.
If you do suffer a ransomware attack, it may be tempting to pay the ransom. In the long run, though, this isn’t a smart strategy. There’s no guarantee an attacker will really give you back control of your files, and you’re demonstrating you may be a lucrative target for future attacks.