Of all the cyberthreats facing your business today, few are as dangerous as ransomware — a nasty form of malware that can lock your hardware and software and hold it for ransom.

Chances are likely that your business has sensitive assets that could easily be taken hostage by hackers.  In a recent study, 47 percent of organizations had at least 1,000 sensitive files open to every employee. And 22 percent had 12,000 or more sensitive files exposed for every employee.

While ransomware has been actively spreading around the Internet for a few years now, the problem has gotten much worse over the last several months. In fact, IBM even stated that the ransomware problem evolved from being a nuisance to an epidemic in 2016. And this year, attacks are occurring at the same aggressive pace.

One of the things that makes ransomware so difficult to fight is that the threat landscape is constantly changing. Here are three recent ransomware updates that you need to be aware of:

1. Locky is back: Last year, Locky emerged as one of the most widespread variations of ransomware on the Internet. Then, it suddenly went cold in 2017 and reports of Locky infections plummeted significantly. Now, Locky is back and it’s much sneakier this time around. Locky will allow a hacker to embed a ransomware attachment inside of an email attachment. First, a hacker will send a phishing email containing a document in PDF form. When this document is opened, another box will be promoted asking the reader to open another file — a Word document that asks to run macros. Once this is executed, Locky is then downloaded and executed.
2. Ransomware has been gamified: Up until recently, ransomware payments were typically requested in Bitcoin. But now, this is changing. A new form of malware, “resenware,” will encrypt your data and then invite you to play a shooter-style video game. If you get a high score in the game, you get your data back. But the game is supposedly very difficult and frustrating for end users who are forced into playing it to regain their data.
3. Macs are being targeted: Cybersecurity researchers have discovered that Macs are being increasingly targeted by backdoor exploits and malware, including ransomware.  One type, called FindZip Mac, is especially dangerous as there is no known decryption key. So even if a ransom is paid, there is no way of unlocking it.

So, why is ransomware spreading so quickly around the Internet? Part of the reason is that it’s becoming incredibly easy for hackers to access it. All they have to do is go to a ransomware-as-a-service (RaaS) provider.

One RaaS solution, for instance, called “Satan,” first requires a hacker to register for the service online. Then, the hacker can download a free, high quality ransomware sample. Users can set their own price and payment terms. Satan will then collect the money, and take a 30 percent fee. Then, the service provides a decryption key for victims if a payment is received.

So as you can see, your business is up against a formidable threat right now. It’s no longer just lone hackers that you need to worry about, but an entire new industry of malware.

What can you do about this problem? Your best bet is to back up your business’s data so that when — not if — you get hit with a ransomware infection, you will not have to worry about forking over any payments or having to sit through what could very well be the most painful video game of your entire life.

Apex Technology Services — computer consultants serving greater New York City and beyond — can provide your business with the necessary guidance and tools for reducing the risk of a ransomware infection.

To learn more about how Apex can help your business, click here.

A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York City; White Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.

To ensure your security, consider one of our most popular services — Auditing & Documentation — which pinpoints vulnerabilities in your infrastructure, process flow and internal security procedures.