Large scale ransomware attacks have been big news over the last few months. Thanks to ever more sophisticated samples — such as the recent variant, Synack —that target victims in almost every country, this has become a global threat.
The figures speak for themselves: with a cost of around $5 billion in 2017, and a 350% increase compared to the previous year, there is no doubt that this Trojan’s reputation as a large threat in the cybersecurity industry is still very much intact. A cyberthreat that is on the rise, and that will continue to exist as long as victims keep paying the ransoms.
Nowadays, as well as being a threat that is constantly evolving thanks to the variety of samples and infection techniques available to hackers, it is also a criminal tactic that, for hackers, is worth investing their efforts in. Juicy rewards with a low risk of being caught, and a large amount of targets who can be infected; from individual users to large companies, there are plenty of opportunities.
Advice to avoid ransomware:
- Ensure that employees’ user accounts are protected with strong passwords, and that they don’t have administrator permissions.
- Don’t open emails from unknown senders or emails that ask you to open them: the best thing to do is to delete them straight away, and under no circumstances reply to them.
- Don’t trust shortened links or attachments, even if they’re from trusted contacts.
- Create backups regularly to avoid loosing data.
- Draw up and implement an auditing plan (carried out by internal auditing teams, or specialized third parties), both for the organization’s systems and for its policies, in order to be able to detect possible vulnerabilities.
- Invest resources in improving training and staff awareness of IT security, especially when it comes to this type of threat.
- The importance of multilevel security: In view of current threats like ransomware, basic protection is not enough. To ensure maximum protection, it is highly recommended to use complex, robust multiplatform tools like Panda Adaptive Defense360.