A study has found that ransomware is now the most common form of malware used by criminals in cyber attacks.
Verizon, the American telecommunications company, recently completed its annual "Data Breach Investigations Report", in which it found that ransomware was used in over 40% of the successful cyber attacks studied.
Ransomware has become increasingly popular over the last few years, with many successful cyber attacks such as the WannaCry virus that caused major distress to the NHS last year. It encrypts data and demands a payment before the user can retrieve their data. It is extremely unlikely that the user gets their data back, and therefore no one should ever pay the ransom.
The study found that ransomware increased twofold last year, with experts fearing it could double again. Typically, criminals use ransomware to target desktops. However, the study found that criminals are beginning to target more critical business systems such as databases, with breaches on databases trebling in the last year. Criminals see databases as a good target because businesses are more likely to pay to retrieve their critical data.
It is also a time when we are beginning to see criminals target small and medium businesses. It's unlikely that criminals will gain much from using other forms of malware against these businesses, but ransomware gives them the chance of making a profit. Small and medium-sized businesses are also more vulnerable than large companies: they will not have the sophisticated networks and security in place that larger companies have, making them an easier target.
Typically, SMEs are targeted to gain access to the bigger fish. SMEs are generally the clients or suppliers of larger firms and typically have weaker security in place, so they are seen as an entry point. This is worth highlighting as something for SME owners to be aware of.
Verizon went into a lot of detail in its report and estimated that, on average, businesses receive around 7 phishing emails a day. Phishing is the fraudulent practice of sending emails claiming to be from trustworthy entities in an attempt to gain personal data or send malicious software to a user's desktop. Phishing emails are not only one of the most popular forms of attack, they are also the most popular form of ransomware delivery. Phishing emails containing links can download malicious software like ransomware to your PC, allowing it to encrypt data.
Ransomware and phishing attacks can be mitigated with security tools such as antivirus and spam filters. However, key security measures are also fundamental to keeping your business and data safe. Systems and software need to be updated regularly to ensure known malicious content can be stopped. Another fundamental measure is ensuring your users have the education to help prevent an attack. Do your users know how to spot a phishing email? Do they know what they should and shouldn't do once they have spotted one? Sometimes it doesn't matter what security tools you have, when all it takes is one click.