December 13, 2016
About 59.3% of businesses in Australia and New Zealand have already been hit with a ransomware attack while 79.6% of businesses have received, and recognised, phishing email attacks.
Even with odds like these, many do not even consider ransomware an issue. Until, of course, it happens to “us”. And once it happens, what happens? We pay up! We are happy to reach into our pocket and fork out $500, $1000, $2000 or even more. Not to get our lost data, documents and images back from the criminals, but simply to obtain the key to unlock it.
Because when you are attacked by ransomware, it is not a robbery. The criminals have not stolen your valuable assets; they have simply locked them in a format that is inaccessible to you. The only way to get into that locked place is with a key. And the only way to get that key is by paying the ransom fee.
Ransomware is getting out of hand in Australia because we can afford to pay, and do. ITWire asked Justin Peters, technology director at Sophos, for a few words on this highway robbery. His advice is reproduced below:
It’s almost more frustrating than if your data had physically been stolen. Ransomware leaves behind little reminders of your family photos, your important business documents, your confidential HR data, in a thumb file or a modified version of the file name you so recognise. It’s there, on your computer still, yet you cannot access it.
It is awful. It is clever. And it is a successful criminal business, which is being funded daily by ordinary, unsuspecting, unprepared Australians.
A single hacker tracked by SophosLabs earned US$17M in a seven-week period. People pay the ransom, so hackers are incentivised to return encrypted data, and the vicious circle continues. But with ransomware attacks increasing by 165% across Asia Pacific in Q1 of 2015 alone and businesses moving more important files to mobile, what does the future hold?
There are simple strategies individuals and businesses can put in place to prevent a devastating ransomware attack:
- Prevention is always better than cure. Ensure you have updated all the software on your computer and phone, to prevent hacked websites from being able to automatically inject ransomware onto your device.
- Get the right protection. Endpoint security software is widely available. Install it and ensure it is being updated properly and regularly. Consumers can use free solutions like Sophos Home while businesses will usually have an endpoint security product installed. When updated properly these tools are very effective at preventing many ransomware attacks.
- Check your emails. And check again. The cybercriminals are smart. They know to target you during busy seasons (like Christmas), with materials you are probably expecting to get (like courier delivery notices), which means you’re more likely to click on that link in that email, and unknowingly invite malicious code into your computer. As always, it is always safest to always type the name of the site you want to go to directly into your web browser and to verify any attachments you receive are legitimate with the sender.
- Defend your computer against ransomware. Sophos’ latest product, Intercept X, is the next generation of advanced endpoint protection that’s capable of automatically stopping attacks as soon as they are detected. Better yet, it even retrieves lost data. What’s more, Sophos Intercept X can be installed and run alongside any competitive endpoint security software, boosting the levels of protection against unknown exploit variants and stealth attacks, with minimal impact to endpoint performance.
There’s no excuse – don’t wait until you are attacked. Don’t be another investor into the business of ransomware. Be prepared and protect yourself before the attacks start.