How to Protect Yourself and Your Business
Ransomware is a form of malware, or malicious software, used to encrypt sensitive files held in business and personal devices, essentially locking users out of their own data or networks. Once deployed, the ransomware encryption restricts access to files and the victim receives a notice that a “ransom” must be paid to unlock the data or device. The ransom request often requires payment by Bitcoin or other types of anonymous cryptocurrency. Access to data is supposed to be restored once the ransom is paid and the attackers provide a decryption key.
In a trend increasing in frequency, that data is often also stolen — either to demand additional payments from the victim or to sell it on the dark web.
Recently, there has been an escalation of ransomware incidents making headlines, including high-profile attacks on energy, financial services, healthcare and even cybersecurity industries. The FBI and Cybersecurity and Infrastructure Security Agency (CISA) reported a 62% increase in ransomware activity during the first half of 2021 over the same period the previous year.
With the rapid shift to remote work by millions of Americans and the threat of phishing, consumers and business are all at increased risk of ransomware attacks.
Ransomware is increasing in use because it works. One mistake by a single user has the potential to expose an organization’s entire network. Many people and organizations — up to 83% — admit to paying the ransom, giving criminals an easy way to make money without the hassle of breaking into bank accounts. (They may do that too, though, if they can access financial or personal information during a ransomware attack.)
Ransomware can be another way for cyberthieves to get their hands on your personally identifiable information (PII) while also profiting from the organizations and individuals urgently trying to regain access to their data.
While not every ransomware attack is labeled a data breach, they increasingly result in exposed data on the dark web. Likewise, not every data security incident is a reason to panic. Breaches come in a variety of sizes and personal data breach risk levels. The combined total of this activity over time paints the picture of the risks you might face — because once your PII is in the hands of an identity thief, you could be susceptible to more than a dozen types of identity theft and fraud.
Currently, attackers often focus their attention on larger organizations with large amounts of data and that always need access to their files. Not only do these companies typically have the resources to pay a ransom, but they also have added incentives to pay quickly. Unscheduled downtime can be expensive — up to $300,000 per hour or more, depending on the size of the organization. They also want to avoid reputational damage to their business.
In addition to businesses, local government agencies, schools and universities and healthcare organizations have become favorite targets of ransomware gangs.
While the ransomware gangs have focused primarily on large businesses, that does not mean individuals and small businesses are not at risk. On the contrary, three trends suggest they may see greater risk:
In addition to the personal protection guidelines described above, the following tips can help reduce the risk of an employee exposing your business to a ransomware attack.
With threats like ransomware being perfected daily by sophisticated attackers, it’s important to protect your privacy online. Our identity theft protection services can help, and you’ll have assistance from our Certified Identity Protection Specialists if your identity becomes compromised. IdentityForce can help monitor your identity and credit while providing you with the latest news and information in identity theft protection. You can try it for yourself with a 30-day personal trial.
You can also request a business trial of IdentityForce. See first-hand how IdentityForce can help keep your employees and your organization protected against identity compromise.