Ransomware cripples business despite heightened awareness
- 30 November, 2015 06:35
Nearly half (45 per cent) of all businesses recognise the serious threat posed by crypto-malware, also known as ransomware, representing a sharp increase from 37 per cent in 2014.
However, despite this rising awareness, crypto-malware attacks continue to severely impact companies, with the CryptoLocker ransomware believed to have infected more than 234,000 computers worldwide.
Kaspersky Lab research involving 5,500 IT specialists from more than 25 countries has found the global cyberthreat landscape continues to expand and cybercriminals have discovered the malicious encryption of data, followed by a ransom demand, can be highly profitable.
Many companies admit that they often pay up. The gang behind CryptoLocker is believed to have made $30 million in the space of just 100 days, while the creators of CryptoWall may have pocketed as much as $325 million.
“Businesses are a tempting target for ransom attacks,” says David Emm, Principal Security Researcher, Kaspersky Lab.
“It doesn’t matter if they are very small or of enterprise size, crypto-malware will find a way in if there is no security to block it.”
Like other forms of malware, Emm says it enters a network through emails, malicious attachments or links from a compromised website, which is then opened, downloaded or clicked on by unsuspecting employees.
“Crypto-malware attacks are profitable and increasingly popular with cybercriminals,” Emm adds.
“Businesses often pay up without realising that there is no guarantee that their data will be unlocked - and there is new evidence that poorly-coded ransomware can mean some information is never recovered.
“The best way to protect the company’s data and assets is to implement comprehensive cyber-security measures that cover everything from infrastructure and storage to mobile networks - all accompanied by employee awareness and education.
“Furthermore it’s essential that data is backed up regularly, so that the company doesn’t find itself in the position of having to choose between paying the ransom or losing data.”