Over One Third of Firms Hit by Ransomware Blitz

More than one third of corporates have been hit by ransomware attacks or know a company that has, according to new research from security vendor ESET.

The firm polled 200 security professionals at the annual Infosecurity Europe event in June and also found that 84% believe their company would be seriously damaged if it were successfully infected with ransomware.

Almost one third (31%) admitted that if their corporate networks were infected they’d have no choice but to pay the ransom in order to have mission critical data decrypted again.

Although all ransomware attempts to extort money from the victim, there are several variants which set about it in slightly different ways.

These include early versions of so-called ‘police-themed’ ransomware which disguises demands to look like official warnings from the local constabulary – requiring payment of a fine to settle a made-up offense.

Reveton is probably the most famous of these variants.

More recently, malware writers have introduced even more dangerous versions which typically encrypt the victim’s files until a ransom is paid, whereupon the victim receives the decryption key.

CryptoWall and CryptoLocker are among the most infamous of this type of ransomware.

In fact, an FBI notice earlier this week claimed that CryptoWall has cost US victims in excess of $18m since last April.

The Feds urged users to keep up to date with AV software and firewalls, to resist clicking on suspicious-looking emails or web content, and to always back up their PC files, in order to mitigate the risk of a ransomware attack.

Last month, an enterprising security researcher published a Ransomware Response Kit to help IT admins respond faster to the threat of such attacks.

It includes links to ransomware removal tools publicly available from vendors like Trend Micro and FireEye.

Mark James, security specialist at ESET, recommended firms keep up to date with operating system versions and applications, and ensure only the apps they absolutely need are running.

Staff education is also important to ensure they can spot email scams, he told Infosecurity.

“The single biggest step you can take is to ensure you have a good point-in-time backup in place that has been tested to ensure it’s working. Regular restores are a must to ensure you can retrieve your data when it’s most needed. Having a good internet security product will help you mitigate the chance of actual infection in the first place so should be in place for all machines that access your network and/or the internet,” James explained.

“Having tiered network access could limit the damage of ransomware but is not always practical. Showing hidden file extensions can help to spot the onset of ransomware and lastly you could consider using one of the crypto-prevent toolkits that are available from third parties to monitor or block access to the most used locations that ransomware uses. Please consider the fact that paying the ransom is just funding crime and ideally should not be a consideration at all.”
