Business Owners, Beware of Ransomware Attacks by Amateur Hackers!
Ransomware attacks and other schemes by cybercriminals continue to take a toll on businesses of all sizes. According to the Federal Bureau of Investigation (FBI), businesses and individuals lost $3.5 billion to cybercriminals in 2019. Ransomware is a type of malware installed by hackers that locks and encrypts computers and data until a ransom is paid. This leaves businesses with an important decision: “Should we pay the ransom?”
This topic was recently addressed in the Wall Street Journal following its Pro Cybersecurity Symposium. Experts said that paying hackers a ransom to recover your business’s data doesn’t guarantee that they will restore it. Why? They might not know how. Dark-web forums have made ransomware more readily available, putting it in the hands of individuals with “the inclination and a relatively low level of technical ability.” As a result, we’re seeing ransomware attacks by amateur hackers who don’t know what they’re doing at the infection stage or the decryption stage.
Both the FBI and the Department of Homeland Security (DHS) advise companies not to pay ransoms. Alongside the rise in ransomware attacks by amateur hackers, there is also the idea that paying a ransom “feeds the beast” and encourages further attacks. Paying a ransom is only a temporary fix, if it even fixes the problem at all, says Roy Hadley, a data security and privacy expert quoted in the WSJ article.
With all of this in mind, what do businesses need to do to protect themselves? Don’t ignore security vulnerabilities. As a business owner, it’s imperative to be aware of any and all risks. Here are a few steps:
- First, have up-to-date training for all IT employees.
- Second, always maintain and update your security software.
- Third, keep your operating system updated and avoid running hardware or software that is obsolete without vendor support.
- Fourth, provide cybersecurity training and updates to all employees on best practices, security alerts and potential risks.
- Fifth, if you use a managed service provider (MSP) to remotely manage your IT infrastructure, make sure you thoroughly vet them on their security programs and protocols. (We have some tips here.)
And of course, cybersecurity insurance is important and recommended, as it helps a business recover from a ransomware attack, security breach or other cyber event.
For more information on Rose & Kiernan’s cybersecurity risk management, please contact us at techrisksolutions@rkinsurance.com. Click here to learn more about cybersecurity insurance.

