Imagine this:

You're sitting at your office computer, and suddenly you can no longer access any of your files. After frantically trying to figure out what has happened, an ominous message appears on the screen:

“The files on this computer have been encrypted. You have 48 hours to submit $1,000 in payment to receive the encryption key. If you do not submit within the 48 hours, the payment will double to $2,000. If you have not paid within 96 hours, your files will be permanently destroyed.”

You don’t want to pay, but feel as if you have no choice. So you electronically send the money. And in doing so, you become the latest in a long line of users victimized by ransomware.

Ransomware is one of the fastest-growing forms of cybercrime in the world. Basically, it is malware that infects a computer – often delivered through an innocent-seeming link in an email or when a “helpful” program is downloaded – and either locks your device or encrypts the Master File Table or hard drive. The only way to unlock the computer or decrypt the data is to pay the hackers a ransom – which is exactly what they’re counting on.

For some time, individual users had been the chief target of ransomware because they generally didn’t take the necessary precautions to prevent an attack. But in recent years, the environment has changed dramatically, and businesses are paying the price.

In 2014-2015, for example, just 6.8 percent of ransomware incidents, or approximately 27,000, involved corporate users. The following year that share nearly doubled, to 13.13 percent, and the number of users who were attacked soared to over 158,000.

The cost? Americans collectively paid $325 million in ransomware attacks in 2015, and the FBI has projected that the price tag to home users and enterprises could hit $1 billion this year.

But the targets of these cyber-criminals extend far beyond corporate America:

  • After it was infected with malware, the Hollywood, Calif., Presbyterian Medical Center was forced to keep records with pens and paper. Eventually, it paid 40 bitcoins (about $17,000 at the time) to get access to its system.
  • Data in 60 percent of the computers in the Horry County, S.C., School District was encrypted. The district paid the equivalent of $10,000 in bitcoins to get the system running again.
  • Hackers demanded $700 in bitcoins from the city of Plainfield, N.J., to unlock its municipal servers.
  • Five sheriff’s and police departments in Maine were locked out of their records management system by cyber-crooks who demanded ransom.

(Note: Hackers generally ask for payment in bitcoins because it’s harder to trace.)

With the spread of ransomware on the rise, more and more businesses and institutions face the very real threat that their data will be taken hostage. Although they won’t always admit it, the FBI has acknowledged that often the easiest solution is to just pay the hackers. Of course, that ends up funding the criminal networks – mostly based in Eastern Europe and Russia – and invites more attacks.

So the best offense may well be a good defense. Here are five ways to defend against ransomware:

Threat emulation or extraction. This is the best option. It refers to software that removes embedded objects, macros, and scripts from a document – a PDF file, Word document, or Excel spreadsheet, for example – and delivers a sanitized file to the user. The key here is time. Some programs detect and address the malware in as few as four minutes and then block it instantly, so the ransomware spends no time on the network. Others can take two or three times as long to identify the threat and more than an hour to block it, placing the network at risk for 70-80 minutes.
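A minimal sketch of the extraction step described above for Office Open XML files, added here as an illustration and not taken from this article or from any product: it copies the package while dropping macro, OLE-embedding and ActiveX parts together with the references to them. The `ACTIVE` policy, the function names and the sample package are assumptions constructed for the example.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET  # production code should parse untrusted XML with defusedxml

# Assumed policy for this sketch: VBA macros, OLE embeddings and ActiveX are active content.
ACTIVE = re.compile(r"(^|/)(vbaProject\.bin|vbaData\.xml|embeddings/|activeX/)", re.I)

def _drop_refs(xml_bytes):
    """Remove child elements whose PartName or Target names an active part."""
    root = ET.fromstring(xml_bytes)
    if root.tag.startswith("{"):
        ET.register_namespace("", root.tag[1:].split("}")[0])  # keep the default namespace
    for child in list(root):
        if ACTIVE.search(child.get("PartName") or child.get("Target") or ""):
            root.remove(child)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)

def sanitize_ooxml(data):
    """Return (clean_bytes, removed_parts) for a .docx/.docm/.xlsx/.xlsm package."""
    removed, out = [], io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            name, body = info.filename, src.read(info)
            if ACTIVE.search(name):
                removed.append(name)  # the active part itself is not copied
                continue
            if name == "[Content_Types].xml" or name.endswith(".rels"):
                body = _drop_refs(body)  # also drop dangling references to removed parts
            dst.writestr(name, body)
    return out.getvalue(), removed

def build_sample():
    """Constructed macro-enabled package with placeholder content types (not a real file)."""
    ct = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          '<Override PartName="/word/document.xml" ContentType="x/doc"/>'
          '<Override PartName="/word/vbaProject.bin" ContentType="x/vba"/></Types>')
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="x/vbaProject" Target="vbaProject.bin"/>'
            '<Relationship Id="rId2" Type="x/styles" Target="styles.xml"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in [("[Content_Types].xml", ct), ("word/_rels/document.xml.rels", rels),
                           ("word/document.xml", "<doc>Quarterly report</doc>"),
                           ("word/vbaProject.bin", b"constructed-macro-blob"),
                           ("word/embeddings/oleObject1.bin", b"constructed-ole-blob")]:
            z.writestr(name, body)
    return buf.getvalue()
```

Legacy binary Office formats and PDFs need their own parsers, and a production tool would also bound the decompressed size of each part before reading it.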

Comprehensive security. Antivirus software is a basic requirement for any cybersecurity strategy. There are some products specific to ransomware that monitor for malicious activity and alert users if they detect a threat. But an antivirus solution is only part of the security equation. Equally important are firewalls – either hardware (routers) or software (programs) – that control what comes in and goes out of your computer and prevent unauthorized access; and web filtering software that restricts what content users can access.

Effective backup. Antivirus software, firewalls, and web filtering are really the first line of defense. But there needs to be a secondary line as well: backups, which ideally should be maintained on portable hard drives and online (in the cloud). Online backups that save data incrementally – every five minutes, for example – are especially effective, because they allow an organization to go “back in time” before the ransomware attack to recover information. As a result, 1) victims don’t have to pay the ransom, and 2) they can be certain the data they are recovering is uncorrupted.
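The "back in time" recovery described above depends on choosing the right restore point. The following added example (not from the original article) walks a constructed five-minute incremental history and returns the newest snapshot taken before any file starts to look encrypted; the entropy-jump heuristic, the `jump` threshold and all names and sample data are assumptions for illustration.

```python
import hashlib
import math
from collections import Counter
from datetime import datetime, timedelta

def entropy(data):
    """Shannon entropy in bits per byte: about 4-5 for text, close to 8 for ciphertext."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def last_clean_snapshot(snapshots, jump=2.0):
    """snapshots: [(timestamp, {path: bytes})], oldest first; each holds only changed files.
    Returns the timestamp of the newest snapshot taken before any file's entropy rises
    by `jump` bits/byte against its previous version, or None if there is none."""
    latest, clean_ts = {}, None
    for ts, changed in snapshots:
        for path, data in changed.items():
            if path in latest and entropy(data) - entropy(latest[path]) >= jump:
                return clean_ts  # this snapshot captured encrypted data; stop before it
        latest.update(changed)
        clean_ts = ts
    return clean_ts

def build_snapshots():
    """Constructed five-minute incremental history; the 09:10 entry simulates encryption."""
    t0 = datetime(2016, 5, 1, 9, 0)
    text = b"Invoice 1001: 40 hours consulting, net 30 days.\n" * 50
    scrambled = hashlib.shake_256(text).digest(len(text))  # stand-in for ciphertext
    return [
        (t0, {"invoices.txt": text, "notes.txt": b"call supplier\n" * 20}),
        (t0 + timedelta(minutes=5), {"notes.txt": b"call supplier, order toner\n" * 20}),
        (t0 + timedelta(minutes=10), {"invoices.txt": scrambled}),
    ]

if __name__ == "__main__":
    print("restore to:", last_clean_snapshot(build_snapshots()))
```

Files that are already compressed (images, archives, modern Office documents) show little entropy change when encrypted, so a real check would combine this with other signals such as mass renames or an unusual rate of changed files.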

Employee training. Hackers often gain access to data because “click happy” employees or users don’t know how to recognize emails, attachments, links, and infected ads that can carry malware. Showing them how to do so – and then what to do about it – can go a long way toward reducing the threat.

Updated patches. Sometimes malware finds its way into a computer through bugs in applications or software. So when operating systems or apps offer a security patch, install it. That takes one more weapon out of the hackers’ arsenal.

As noted above, ransomware attacks are on the rise and show no signs of slowing. Worldwide, the total number of victims rose 17.7 percent from April 2015 to March 2016, from 1,967,784 to 2,315,93; the number of encryption attacks increased 5½ times from the same period the year before.

Clearly, as long as there are criminals who can create and deliver the malware and fearful users willing to pay the ransom, it’s only going to get worse. But you can fight back by developing a multi-layered security strategy that minimizes the potential for hostage-taking and puts you in better control of your data.


Mark Elliott is a Best-Selling Author and CEO. His company, 3i International, helps you apply technology to improve performance and compliance. For over 25 years, Mark has been helping startups to Fortune 500 companies overcome the technology challenges they face. He develops strategies to analyze, manage, and adapt to the ever-changing technology landscape. A central focus has been security and compliance. His experience includes preventing, detecting, and responding to hackers and threats. This keeps your organization safe from invasions while simultaneously meeting regulatory compliance.