Crypto-Ransomware Attacks are Now Targeting Corporate Users
As the overall number of encrypted ransomware attacks have risen, cyber-criminal ransomware attacks targeting businesses have become more frequent, particularly among small and medium-sized companies. A separate report, the IT Security Risks 2016 study from Kaspersky Lab and B2B International, confirms this trend with 42 percent of respondents from small and medium-sized businesses agreeing that cryptomalware was one of the most serious threats they faced last year.
For small companies, any data unavailable – regardless of the length of time – can lead to significant losses, or bring their entire operations to a halt. If an organization has not been following proper IT security measures to ensure the safety of its critical information, purchasing the decryption key from cyber-criminals is the only way to recover their files. However, this does not guarantee complete data recovery and the best way for businesses to protect their sensitive data from a cyberattack is to prevent the attack in the first place.
“When it comes to crypto-malware, there is wide attack vector including web, mail, software exploits, USB devices, and others.” said Konstantin Voronkov, Head of Endpoint Product Management Kaspersky Lab. “Since there are many different ways to attack, to avoid a security incident, organizations should have an anti-malware solution in place and should be educating employees on where attacks come from. Most importantly, they need to know not to open suspicious email attachments, visit untrusted web resources, or plug USB devices into unprotected computers.”
Kaspersky Lab experts recommend that small and medium-sized companies should follow several simple safety rules:
- Make regular backup copies of all important files. Companies should have two backups: one in the cloud (for example Dropbox, Google Drive, etc.), and another on an additional server or on removable media if the data volume is not too big.
- Trust well-known and respectful service providers who invest in security. Usually you can find security recommendations on their websites, they publish third party security audits on cloud infrastructure. Don’t assume cloud providers can’t have security, availability or data leakage problems. Raise the question – what do you do if your security provider losses your data? There should be transparent data backup and restore processes together with data protection and access control.
- Avoid using only free security and anti-malware software: small businesses expect the basic security tools offered within free solutions to be sufficient. Free tools do provide basic protection, but they fail to provide multi-layered security support. Instead, take a look at dedicated solutions that do not require a large financial outlay, but deliver a higher level of protection.
- Regularly update your OS, browser, antivirus, and other applications. Criminals use vulnerabilities in most popular software to infect user’s devices.
- Prevent IT emergencies - invite an expert to configure security solution for your company. Small businesses usually don’t have an IT department or full-time dedicated administrator, they simply rely on the most tech-savvy person in the office to take care of the computers, in addition to their regular duties. Don’t wait until something breaks – use IT support from an IT service provider to review your software and security configuration in advance.
If you have had your corporate files ciphered, it is worth checking whether it is possible to recover them by using free utilities or decryptor keys from noransom.kaspersky.com.
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.
1This report has been prepared using depersonalized data processed by Kaspersky Security Network (KSN).