More money will be paid out this year on ransomware demands than ever before. Some reports say it could reach $1 billion. This is a huge rise of the $24 million reportedly paid out in 2015.  Nobody it seems is safe. Attacks have been reported at police departments, government offices as well as numerous small businesses. Ransomware is powerful as it leaves victims with the feeling that they have no choice but to pay up.

Ransomware now comes in many flavors some of which are getting pretty sophisticated. Criminals only need to make small changes in the ransomware code to avoid signatures recognition from security vendors.  Additionally, they now use multiple methods of deployment which again makes protecting systems more challenging. The most disturbing new development is the use of network communications. In this way ransomware can be brought into systems by unmanaged devices and through third parties.

Ransomware is big business that has grown into a serious problem that has affected millions of users and netted millions of dollars in profit. With such huge profits to be made the market is only going to grow and the problem will worsen.

So what can we do to protect ourselves? Well the golden rule of course is to back up your data, disable macros where possible and make sure your systems are up to date etc. etc. If you do get infected, you may be able to reset your BIOS clock to give you some breathing space until you find a solution or a data backup.

One very common way is to get infected is via phishing emails. In fact, this is a very common way of infecting systems full stop. These emails can be sent to any user in your organization and now can spread across your network very quickly.  As I mentioned earlier ransomware has a physiological hold over those it infects. Using technical jargon and complex encryption it fools users into thinking they have no hope.
What I am saying here is that in 2016 we have a $1 billion statement that says many of us are easy targets. It’s true that initially ransomware gained most success in small firms who had no backups and were only too willing to pay move on. But with such high sums to be earned it must only be a matter of time before more IT savvy companies are held to ransom.  Yet the protection methods are still the same, good network management and users of systems who are educated to the potential threats they may come across. Simply training end users on how to detect and deal with phishing emails would be a huge step forward. Couple this with an understanding of what ransomware is and how it operates would demystify the problem and help companies keep their feet on the ground if they are ever targeted. For me it comes back to having good cyber hygiene and a healthy cyber security culture within your organization. This is not difficult to achieve and is cost effective compared to the 1$ billion we are set to give away this year.