Crypto-Ransomware on the Rise

Crypto-ransomware is a threat that has cropped up in recent years that has mostly been perceived as a consumer problem.  However, according to recent reports more small and medium businesses are being targeted.

Crypto-ransomware usually arrives as an email sent from what appears to be a legitimate source.  The victim clicks on a link within the email that triggers a program to start automatically encrypting user files on the hard disk and locking the computer screen.  When complete, the infected system will show a notification that prevents victims from using their own system unless a fee, or “ransom” is paid.  Instructions are shown on how users can pay the ransom to regain access to their system.

The ransom fees usually start from $400 and depending on the target can be much larger.  Bitcoin is a preferred method of payment, partly because the use of bitcoin makes payments difficult to track.  According to Trend Micro about 30% of ransomware victims pay to regain their data. The crypto-ransomware encryption is said to be uncrackable and unless you have a good backup of your system you may be faced with a very tough choice.

In the third quarter of 2014, crypto-ransomware accounted for more than a third of all ransomware types found in infected systems, and it’s still gaining popularity. Data gathered over the last quarter of 2014 shows that crypto-ransomware variants have increased from 19% to more than 30% in the last 12 months.

Small businesses can be particularly vulnerable because they often have less sophisticated computer defenses. Some 80% of small and medium-size businesses don’t use data protection and less than half use email security, according to Intel Security. Overall, 23% of recipients open phishing messages used to transmit ransomware and other malware and an estimated 11% click on the attachments, according to a data-breach report by Verizon Enterprise Solutions.

Once you have become a victim it is strongly encouraged not to pay the criminals to unencrypt your data.  With crypto-ransomware your best defense is to rely on your backup to restore your system.

Make sure you test your restore capabilities on a regular basis and create a versioning policy for your data so you can restore from different points in time.