What is Ransomware?
Ransomware is a form of malware that encrypts files on a computer or device, making them inaccessible to the user. Once immobilised, cybercriminals demand payment from the company in order to decrypt their device and networks. Like other malware, ransomware can enter your device through phishing emails, poor security protocols, or clicking links and downloads on suspicious websites. Once ransomware is installed, it will encrypt any files it can find, including photos, videos, documents, and even entire folders.
What do hackers want?
Like the name suggests, cybercriminals render an organisation’s devices or data unusable until a ransom is paid, typically in bitcoin or another form of cryptocurrency which is untraceable. Cybercriminals rely on underprepared small businesses with weak security protocols to win an easy pay day.
Users may not even be aware that their computer has been infected with ransomware until they can’t access their files. In some cases, ransomware will also display a message on the user’s screen demanding payment in order to unlock the files. The ransom amount varies, depending on the size of the company. On average, ransomware attacks are costing Australian businesses $250,000 per attack.
Who do they target?
Cybercriminals targets small, medium, and large businesses from any industry and for different reasons. They may target businesses with a large customer base and/or a valuable data set. By targeting these businesses, the ransomware attackers can maximise their profits by demanding a ransom payment from the victims.
How to prevent ransomware
The majority of ransomware attacks involve a human element. For example, an employee can click a phishing email or download a malicious file from a suspicious website. Preventing ransomware installation is an active process that requires a strong combination of preventative measures and constant vigilance. The first step in protecting your organisation is to ensure that your employees are aware of the dangers of ransomware. Here are some quick tips to help you and your employees prevent ransomware attacks:
- Never click on unsafe links
- Avoid disclosing personal information
- Do not open suspicious email attachments
- Never use unknown USB sticks
- Use only known download sources
- Use VPN services on public Wi-Fi networks
Implementing a cybersecurity awareness training program for your employees can drastically reduce your company’s risk of accidentally downloading ransomware.
PhishNet delivers highly effective, engaging, and affordable cybersecurity awareness training to help businesses mitigate the risks of human error data breaches.
Talk to PhishNet today to learn more or check out our free Risk Assessment as you gather a baseline of your organisation’s cyber resilience.