Unless you've been living under a rock for the past few weeks, you've likely heard of — or perhaps even been affected by — the devastating "WannaCry" ransomware attack. WannaCry has already spread to more than 230,000 computers in 150 countries, and cybersecurity experts warn that the malware's effects are far from over.
Although ransomware attacks have been around in some form for more than a decade, their prevalence has increased massively as of late, leaving organizations struggling to formulate a coherent response. So what are the risks of ransomware for your organization, and what can you do to protect yourself?
What Is a Ransomware Attack?
Ransomware, as the name implies, is essentially malware that holds your data hostage. Once the software has gained access to your computer, it encrypts your files to prevent you from using them, and displays a message demanding a ransom that must be paid in order to unlock your information. Often, the payment continues to increase if the ransom is not paid after a given period of time, until the final deadline passes and your files become totally inaccessible.
Why Is Ransomware So Damaging?
The impact of a ransomware attack can be catastrophic for an organization unprepared to deal with the threat. Cyber risk modeling company Cyence has estimated that the total costs from the WannaCry attack will be in the hundreds of millions of dollars, and may stretch as high as $4 billion.
Ransomware's immediate effects, of course, are already painful enough for businesses. The average ransom demand in 2016 was $1,077, according to a report by Symantec — and this price must be paid for every computer infected with the malware.
However, even worse than paying the ransom are the ramifications of the attack. While your files remain under the attacker's lock and key, the affected computers are effectively prevented from operating. This can have a massive impact on your productivity, and might even require you to stop your business in its tracks. What's more, the fallout from the attack can affect customers' and investors' confidence in your company.
In February 2016, Hollywood Presbyterian Medical Center in Los Angeles became just one example of the potentially horrifying effects of ransomware. The hospital declared an internal emergency after it was hit by a ransomware attack, which prevented radiologists and oncologists from using their equipment. With the potential disruption of cancer patients' treatments on the line, the hospital had no choice but to pay more than $16,000 to the attackers.
How to Prevent a Ransomware Attack
There's little doubt that ransomware represents a growing threat to your organization. According to security company Kaspersky Lab, a business fell victim to a ransomware attack every 40 seconds in September 2016, representing a threefold increase over a period of only eight months.
Fortunately, there are real steps that you can take to protect your IT infrastructure from ransomware. For one, ransomware usually spreads through email attachments and other files that users are tricked into downloading to their computers. Impress upon your employees the importance of avoiding phishing attacks and suspicious websites. In addition, make sure that your computers' operating systems and software are always updated as soon as possible.
If all else fails and your organization is infected by ransomware, you can still thwart the attackers' demands through one IT security best practice: maintaining online backups. Your important data should be backed up to the cloud on a daily basis, which will enable you to restore the infected systems to their state before the attack.
Although removing the infection and restoring your backups won't be a pleasant experience, it's vastly preferable to having to pay a ransom in order to get your business back up and running.