It can happen without notice, without a warning: the hostage-taking of your company’s data.

Most business people hadn’t heard of ransomware until the WannaCry ransomware attack in 2017 crippled over 300,000 computers.  That malicious cryptoworm attack targeted computers running the Microsoft Windows operating system and demanded payment in Bitcoin cybercurrency.

So, should you be concerned about an attack like this?

In a word, yes.

Malware has been around a long time (since the 1980s), but this new generation of cybertheft can cripple not only your computers and seize your data—it directly impacts your bottom line. And it can come at you through mobile devices and either PC or Mac platforms.  It doesn’t play favorites.

Malware shows up rather innocuously but can be into your system quickly. Be aware of:

  • An innocent email warning the user of a needed update.
  • A warning meant to scare the user into clicking a link either as an email, text or IM.
  • An offer email suggesting the user buy some form of protection.

There are several types of ransomware.  They can take the form of:

  • Scareware, which does just that: scares the user into clicking an infected site.
  • Screen lockers are an intruder that, once opened, lock the user’s screen until a ransome is paid.
  • Encrypting ransomware

And they have names like Bad Rabbit, Petya and SamSam.

What should you do?  If you are infected:

  • Never pay the ransom. The FBI advises that this just encourages cybercriminals to do it again.
  • Make your IT partner is aware of your fears and enlist them in adding decryption software and other defensive systems.
  • Pay close attention to the ransom message initially and don’t do anything until you consult a professional to help with your response. This is like calling in the negotiators from the FBI before getting entangled in further complicated situations.

How can you prevent an attack in the first place?

  • Be sure your systems and software are updated and current. WannaCry took advantage of a lack of updates.
  • Backup, backup, backup. Even your cloud storage should have high-level encryption and multi-factor authentication.
  • Stay informed. Don’t let your guard down.  Educate your employees on how to spot suspicious spam and links.

This is serious business and should be a priority in your IT strategy and policies.  If you have any questions about this maliciousness, give us a call or drop us a line.