Security Practice Lead
Ransomware is big business and alarmingly no one is immune. It’s not just large organizations with social security numbers to protect or healthcare providers with HIPAA data that are at risk. Nearly any company, even anyone, can be a target for ransomware.
Why? It’s disturbingly lucrative. In fact, the FBI reports that ransomware attackers collected more than $209 million from victims during the first three months of 2016 alone. That’s up from $24 million for all of 2015, or as much as $10,000 per infection.
How do the hackers get in? Most commonly it’s via a phishing email that entices us to click on an attachment. Once opened, that macro file fires off and starts encrypting files, often well before a breach is ever suspected.
One thing I hear too frequently is, “you’ll be safe if you don’t run as a local admin.” But that’s a fallacy. It can impact any user. And from that initial penetration the cyber criminals can quickly gain access to any file share the user has access to, encrypting 1,000’s of files before you know it.
If you don’t have strong security or back up for those file shares, your company data can be sorely at risk – again – no matter how large or small the environment.
At VeriStor, one of the best preventative measures we advocated is education. We believe that if we know what hackers are doing, we can better secure ourselves. We can’t secure what we don’t know about and we can’t prevent attacks we don’t know exist. That’s why we actively engage in security conferences and embrace security training everywhere we can.
Want to hear more about the impact of ransomware? Listen to this podcast from InfoSec Nashville. Then see why ransomware isn’t the only thing we need to secure our company data from, internal threats can be an issue too. Read this paper, Danger Lurks Within: Internal Threats Leave You Vulnerable.