SoylentNews is people

posted by martyb on Friday August 05 2016, @08:20PM
from the offsite-and-offline-backups-FTW dept.

The threat of ransomware is becoming widespread among corporations, with almost half of U.S. businesses suffering an attack from the nasty form of malware recently, according to a new survey.

Security firm Malwarebytes sponsored the study, which found in June that 41 percent of U.S. businesses had at least encountered between one and five ransomware attacks in the previous 12 months.

Another 6 percent saw six or more attacks.

The study surveyed corporations in the U.S., Canada, U.K. and Germany to gauge how ransomware affected their operations.

The malware, which can infect a computer and take the data hostage, can be bad for business. Thirty-four percent of the victim corporations in the countries surveyed reported losing revenue because the ransomware had prevented access to important files.

U.S. businesses victimized by the malware generally didn’t suffer a heavy toll and only 6 percent of them reported losing revenue. In most cases, the malicious code only affected personal files.

[...] More amateur cybercriminals are probably indiscriminately spreading ransomware in the U.S. like spam, the survey added. Low-level ransom demands of up to $500 are prevalent in the U.S. However, high ransom demands of more than $10,000 are more common in Germany.

Malwarebytes sponsored Osterman Research to conduct the study by surveying 540 CIOs, CISOs and IT directors across the four countries.

What steps has your company taken to protect against ransomware? Is it enough? What about your personal system(s)?


  • (Score: 2) by julian (6003) on Friday August 05 2016, @09:16PM (#384631)

    Fire one employee for negligence and watch how quickly the rest start taking security seriously.

  • (Score: 0) by Anonymous Coward on Friday August 05 2016, @09:33PM (#384634)

    For a few months anyways. Then things will slowly start slipping back to how it was before. Good security takes dedication and willingness to take extra steps to make sure things are done right, most desk jockeys just can't maintain it. It's funny how inefficiently they are willing to perform some tasks day in and day out, yet security never seems to be one of those things, it boggles the mind.

    • (Score: 0) by Anonymous Coward on Friday August 05 2016, @10:42PM (#384644)

      It's because they are not rewarded/evaluated/fired based on it.

  • (Score: 0) by Anonymous Coward on Saturday August 06 2016, @04:04AM (#384692)

    Fire an employee for what is perceived as an honest mistake that anyone could make by other employees and watch yourself having a very hard time retaining any employees. Employees are expensive to replace and you don't want to encourage them to quit. This should be done with a whole lot of care if you want to go down this route.

    That's not to say you shouldn't be tough but I think educating them on how to avoid such ransomware, where to report it to if you suspect you have it, and emphasizing the importance of keeping it off your system would go a long ways.

    • (Score: 3, Insightful) by lentilla (1770) on Saturday August 06 2016, @12:46PM (#384744)

      Bravo - good comment. The insidious thing about malware is that it sneaks up and catches people unawares by its very design. I'd wager that getting infected by malware is almost always an "honest mistake". I certainly agree with you that firing people in such a capricious manner would be counter-productive.

      educating them on how to avoid such ransomware

      This might be difficult. Could you design an effective training course? I think I'm well placed to design such a course: I've trained adults in the workplace and I understand computers. I'm at a loss imagining how even to begin to approach the topic.

      If I was asked for advice I'd trot out the usual suspects. Just off the top of my head: avoid certain classes of software (Acrobat, Flash, etc), minimise third-party ECMAScript, don't open documents with live content (aka "macros"), don't execute or install anything, don't allow your mail client to parse HTML, don't click links in emails (and most especially those from third-party domains or with markers that are likely to uniquely identify the recipient [like http://example.com/newsletter?id=bcbd4ad63bcbfa]). Unfortunately, most people would be unable to get much done if they were to follow my rules.

      At any rate, the rules go flying out the window the moment an email arrives [purportedly?] from the boss containing an Excel spreadsheet with macros with the text: "update the attached by close of business". If it's hard to explain malware vectors to staff, it's even harder to explain to the boss - especially with deadlines looming.
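
Several of the rules in the comment above can be checked by a mail gateway rather than by staff. The following is an added example, not part of the original post or thread: a triage function that flags macro-enabled attachments, HTML bodies, third-party links and per-recipient link markers. The names `triage`, `MACRO_EXT` and `TOKEN`, the flag strings, the Reply-To check and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, parse_qsl
# Constructed sample message, built around the scenario in the comment above.
SAMPLE = """\
From: "The Boss" <boss@corp.example>
Reply-To: boss@corp-example.invalid
Subject: update the attached by close of business
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<a href="http://example.com/newsletter?id=bcbd4ad63bcbfa">details</a>
--b1
Content-Type: application/vnd.ms-excel.sheet.macroEnabled.12
Content-Disposition: attachment; filename="budget.xlsm"

UEsDBA==
--b1--
"""

MACRO_EXT = (".xlsm", ".xlsb", ".docm", ".dotm", ".pptm")  # macro-capable Office formats
TOKEN = re.compile(r"^[0-9a-fA-F]{12,}$")  # long hex value: likely per-recipient marker

def domain(addr):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg = message_from_string(raw)
    sender, reply, flags = domain(msg["From"]), domain(msg["Reply-To"]), []
    if reply and reply != sender:  # assumed heuristic for "purportedly from the boss"
        flags.append("reply-to-mismatch")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_EXT):
            flags.append("macro-attachment:" + name)
        if part.get_content_type() != "text/html":
            continue
        flags.append("html-body")
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        for u in map(urlsplit, re.findall(r'href="([^"]+)"', body)):
            host = u.hostname or ""
            if host and host != sender and not host.endswith("." + sender):
                flags.append("third-party-link:" + host)
            if any(TOKEN.match(v) for _, v in parse_qsl(u.query)):
                flags.append("tracking-token:" + host)
    return flags
```

Flags like these are inputs to quarantine or banner-warning policy; an extension check alone does not prove a file contains macros, and legacy `.xls`/`.doc` files need content inspection.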