Reported "ransomware" cybersecurity attacks are increasing worldwide in both volume and severity. Even though more and more cases are being reported in the media, you may think this situation does not concern you. However, these fraudsters do not only attack large companies. Mid-sized and small businesses are also impacted, to a lesser extent. In 2020, the financial losses from ransomware attacks were estimated at $1 billion in Canada alone. To avoid becoming one of the victims, here are some strategies you can implement now, some of which will have to be repeated regularly, to keep your company's activities from being paralyzed in case of a malicious intrusion.
Ransomware represents a $1 billion loss in Canada in 2020
What Is Ransomware?
Ransomware (also known as "cryptolocker" or "extortion software") is malicious software that hijacks an individual's or a company's critical data. The scammer uses such software to exploit a security hole in your computer system and carry out the attack. Once in your computer system, the ransomware encrypts your data, and you can no longer access it. The scammer then sends you a ransom request. The amount of money requested in exchange for the decryption key depends on 1) the size of the targeted company; 2) the criticality of the data targeted by the attack. You will only regain access to your data once the ransom has been entirely paid.
The Story of a Ransomware Targeting a Company's Accounting Data
A company I know was recently the victim of such an attack, which affected its accounting database. The password usually used was no longer valid: a scammer had changed the password of the accounting database. Can you imagine suddenly losing access to all your accounting information and not being able to issue invoices to your customers? Not only had this company not put in place any security system to protect itself from this type of attack, but it also did not use any efficient data backup system. Therefore, the only alternative to paying the $10K ransom request was to rebuild the accounting database, which would have cost them more money. As a result, the company decided to pay the money requested by the scammer. However, this process was time-consuming, and the company lost significant revenue during the downtime.
Imagine suddenly losing all your bookkeeping, inventory and customer accounts?
As 98% of ransomware attacks require payment in cryptocurrency, the company began the required steps to pay the ransom in Bitcoins. Scammers use this payment method, as it offers the convenience of preserving the account owners' anonymity, on top of being a fast currency. Therefore, the company paid $10,000 in Bitcoins. Be aware that the process of paying in cryptocurrency can be time-consuming when you are a first-time user, especially when you are the victim of a cyberattack. You will need the help of your service provider to purchase and send Bitcoins.
Meanwhile, the company hired a cybersecurity professional to strengthen its security measures and set up an automatic backup system. It also reported the incident to the police; however, it is impossible to trace a scammer with a Bitcoin payment.
How to Protect Yourself From a Ransomware Attack?
Among the large number of ransomware cybersecurity attacks reported each year, nearly 74.8 percent of companies decide to pay the ransom to their scammers. To avoid becoming part of that percentage, here are some strategies you can implement now, some of which will have to be repeated regularly, to keep your company's activities from being paralyzed in case of a malicious intrusion.
- Update your computer system: download all the latest software and operating system versions.
- Update your antivirus software: keep the software that detects and removes computer viruses up to date.
- Be attentive to fraudulent emails: pay close attention to emails that come from non-credible sources, are poorly written, are threatening, request quick action, etc.
- Avoid dubious websites: look for outdated data, broken internal and external links, missing or outdated SSL certificates, etc.
- Back up your data: install a robust automatic data backup system.
- Change your passwords: modify all your passwords, knowing that there are password generators and managers to facilitate this process.
With the increasing number of ransomware attacks, there is no need to be in panic mode. However, you should be proactive and take action now to avoid such a situation damaging your business. We sometimes delay expenses that we do not consider necessary. Having an efficient data backup system should be one of your priorities. The question to ask yourself is:
Would you rather give $10K to a scammer and lose revenue, or invest $10K in effective backup software?