Ransomware is a form of cyber-attack in which criminals install malware (or trick victims into installing malware) on someone's computer that prevents the victim from accessing his or her files until he or she pays a ransom to the criminal. In 2016, losses to ransomware were somewhere around a billion dollars, and were spread across verticals. Even hospitals were targeted. If you do not yet know about ransomware, click here to learn about it ASAP.
But one major change in ransomware has taken place in recent months - and it is a devastating and scary one: Criminals are no longer adhering to their prior "code of ethics," and, in many cases, even when ransoms are paid, attackers do not return access to files to their rightful owners.
This development is not a shock - I discussed last November that it would ultimately arrive. But, for those who permanently lose their important files (and some money), it can be truly devastating.
According to a survey of 250 information technology professionals working in small and medium-sized businesses (SMBs) conducted by Bitdefender and Spiceworks, one in five SMBs was infected with ransomware within the past year; of those, 38% paid the ransom (an average of $2,423). But of those who paid the ransom, only 45% got their data back.
Think of the damage to a small business if it loses its data and cannot recover it. The results can be devastating and, in some cases, fatal to the business.
Clearly, the era in which many businesses rely on the fact that they can pay ransoms to get their data back, rather than properly protect their data in the first place, should be over.
If you have not done so already, I strongly suggest that you learn about ransomware, back up your data often (and keep the backups disconnected from the primary sources - if you do get infected by ransomware, you do not want it to encrypt the backups as well), and learn how to protect yourself from it.