Small businesses should practice 3-2-1 back-ups to help combat ransomware
The likelihood of a business being a ransomware victim is significantly greater today than it was a year ago. According to a study by Trend Micro, a digital security company, the volume of new ransomware families identified in the first six months of 2016 is 172% greater than those seen in the entire year of 2015.
The study states that the new ransomware is increasingly targeted to specific business-related files, such as tax return files or database-related files. Some types of current ransomware delete the encrypted files if the victims don’t pay by the deadline. Other types increase the ransomware demanded when the victim does not pay by the deadline.
Trend Micro further identified how ransomware is spread. According to their research:
76% spread by spam
16% spread from apps stores, compromised software, or direct hacking
8% spread by exploit kits, malvertisements, or compromised websites
FBI Alert
The FBI issued a Public Service Announcement (PSA) on September 15, 2016 asking ransomware victims to report incidents to their local FBI office and/or file a complaint with the Internet Crime Complaint Center, at www.IC3.gov . The more the FBI knows about specific ransomware attacks, whether the business pays or not, the better informed the FBI will be to investigate and prosecute the criminals.
What your business can do
The best defense to ransomware is preparation. Many security experts recommend following the 3-2-1 backup approach:
3 copies of your data
2 devices with your backups stored locally, such as a hard drive and a removable drive
1 copy of your backups stored off site, such as on a cloud service
Depending on how sensitive your data is and how crucial data frequency is to your business, you can plan your backup periods. For example, some businesses may need to back up the local copies every hour and the offsite copy every night. Others may be able to recover sufficiently with nightly onsite and weekly offsite backups. If you have multiple kinds of data, you might need to back up some data more frequently than other data.
About the author
Carolyn Schrader is Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.