What is ransomware? How to keep your business safe from these cyber threats

In the world of cyber security, ransomware is the next big buzzword.

"If you break it down from a simplistic standpoint, it's really a way to trick an organization or an end-user within the target organization to click on a link or a malicious URL. The ransomware then inserts, either knowingly or unknowingly, malicious code that can then compromise your corporate network," said Bob Buchanan, senior director of sales at RapidScale, a managed cloud services provider. "It sounds pretty simple — and unfortunately, it really is. It's so easy to mask attacks, so the end-user could think that it's a legitimate source."

Ransomware attacks don't discriminate against their targets, with instances happening in industries everywhere from education and healthcare to IT management and finance.

Through ransomware attacks, hackers usually demand a certain amount of money for the data or information to be safely returned. If a company doesn't agree to the terms, then they could be facing a massive, potentially business-ending data leak.

For Buchanan, dealing with the fallout is often a lose-lose situation. Prevention is key — especially for mid-market, smaller businesses.

"The first step is making sure that you have endpoint security and solutions around anti-virus and multi-factor authentication. When you're logging into the corporate environment, it should be from a secure device in a secure network," said Buchanan. "Step two would be making sure you have the ability to back up your data so that you can get the most critical data from a trusted source."

"We've got tools to ensure that our customers are educated and go through extensive online training so they know what a malicious email might look like versus something that's coming from a trusted source," he finished.

"There are two things that have made it a lot easier for you to get hacked. First of all, you don't have to be overly sophisticated to get a hold of malware that's all over the internet. There are new techniques that have been developed around encryption that allow a bad actor to just grab an entire storage drive or disc rather than just an individual file — there are even organizations that have ransomware as a service, where they go and recruit software developers and technology professionals to make these attacks," said Brian Baker, a senior cloud solutions consultant at RapidScale. "Over 80% of the victims that have paid the ransom to recover their data get attacked a second time by the same bad actor. There's a lot of vulnerability out there."

"It's not sufficient anymore for a leadership team to just say, 'Hey, here's how this works, and here's how people get attacked by it.' Now, you have to be willing to invest in some systems that are going to protect you. It's kind of like buying homeowners insurance — you don't want to have to use it, but when you need it, you really need it," said Baker. "Education investment is the first thing, but then a big piece of your security plan should be how you're backing up your data. Let's not back it up on-site, but instead leverage the cloud and other data centers — because ransomware will look for backups at a local level, as well. A zero-trust security model can have a significant impact on mitigating your vulnerability to a ransomware attack."

"We've got a very comprehensive security portfolio that includes multi-factor authentication and identity as a service, which includes things like email protection and threat protection and gives you a holistic view of how to protect your network," said Buchanan. "We can even help your employees, especially the task worker who may not be up to speed on what a threat looks like. It's probably not going to be the IT professional that clicks on the malicious link, it's more likely going to be someone that's far more susceptible."

While most people may not think they ever need to worry about a ransomware attack, these types of threats are becoming all the more common.

"It's not a question of will a company suffer a breach, it's when. Are you prepared, and will you know how to respond?" said Baker.