In May 2017, the WannaCry ransomware infected more than 230,000 computers in over 150 countries, making it the largest cyberextortion scheme to date, according to CNET. WannaCry has one redeeming value, though. It is serving as a wake-up call to business leaders who have not been taking this type of threat seriously. Their lack of concern is often due to common misconceptions about ransomware.Here are five myths debunked:
1. Our Business Is Too Small to Be Targeted
Some business leaders believe that a ransomware attack will never happen to them because their businesses are too small to be noticed by cybercriminals. This assumption was evident in a 2017 study sponsored by Carbonite. The Ponemon Institute surveyed business owners, executives, directors, and other individuals in more than 600 small and midsized businesses. More than half of the respondents stated that their companies were too small to be a target of ransomware.Contrary to popular belief, small and midsized businesses are often attacked. In a 2017 report, Malwarebytes reported that the frequency of cyberattacks against small and midsized companies has reached a level never seen before. Cybercriminals like to target smaller businesses because they usually do not have the expertise or resources to fend them off.
2. We Are Running Security Software So We Are Safe
Installing security software does not necessarily mean that a company will be protected from ransomware. There are many reasons why a company might still get infected despite using it. For starters, not all security applications are created equal. Some offer more capabilities than others. For example, security software that provides a browser toolbar that lets people know when websites are hosting malware will offer more protection since that is one way cybercriminals spread ransomware. Plus, security software providers set their own schedule for releasing malware-definition updates. Software that is frequently updated will offer better protection than one that is not. Thus, you need to make sure that your provider releases updates frequently. In addition, you need to periodically check to see if the updates are being successfully installed on your business's computers.It is also important to keep in mind that even the best security software cannot protect against ransomware attacks that have not been seen before. Cybercriminals know this, so they continually release new attacks as well as overhaul existing ones. For this reason, you should take additional measures to protect your business against ransomware, such as performing data backups regularly and showing employees how to spot phishing emails.
3. Ransomware Is Not a Problem for Us Because We Do Not Use Windows
Business leaders sometimes erroneously think that their computers are not susceptible to ransomware because they are not running Windows. While it is true that Windows computers are often attacked, cybercriminals are increasingly targeting machines running other types of operating systems. For instance, in 2016 hackers released the KeRanger ransomware, which targeted Macs.Similarly, business leaders might believe they are safe from ransomware because their computers are so old that they are off the cybercriminals' radar. However, hackers often intentionally target machines running old operating systems because those systems are no longer supported and patched by vendors.
4. Our Smartphones Are Safe from Ransomware
Companies are increasingly taking advantage of smartphones and storing business data on them. This is making smartphone ransomware more lucrative, so more cybercriminals are launching these types of attacks. For example, the number of Android ransomware attacks increased dramatically in 2016, according to ESET researchers.The bottom line is that any device that connects to the Internet is a potential target for ransomware.
5. We Will Get Our Data Back If We Pay the Ransom
Ransomware holds a business's data for ransom. In theory, you should get the data back if you pay it. However, the Carbonite study found that only 55% of the respondents who paid the ransom were provided with the key needed to decrypt their files. Thus, you need to make sure that your business's data is being backed up regularly and test those backups. That way, you do not have to give into the hackers' demands and hope you will get your files back.
The Next Step
Now that you know the facts, it is time to take measures that will protect your business from ransomware. We can help you develop and implement an effective defense against this serious threat.