The worst thing people can do when it comes to criminals is underestimate them. That goes for the in-person kind and the cyber kind as well. In the early days of ransomware on the Internet, hackers were targeting individuals through their phones, emails, or social media accounts. They would trigger the ransom note, demand a Bitcoin payment, and threaten to delete sensitive files if the demands were not met.
The thing is, criminals overestimated how attached people were to their files, how many of them had even the faintest idea how Bitcoin worked, and how many of them were willing to negotiate with criminals.
In short, the hackers who went after individuals with ransomware often fell short of their marks, either because of technological deficiencies or because people simply couldn’t or wouldn’t pay the money.
Ransomware attacks hit a two-year low two years ago, but are on the rise again as hackers take on a new strategy: attacking businesses.
On the surface, you would figure that businesses have much better security on their systems than the average person, but it turns out that is a fallacy of logic. Small-to-medium sized businesses and startups often scrimp on security or go into business with the strategy that they don’t need security because no one knows about their company yet or no one would want to attack it because it has little in the way of assets.
This is precisely the sort of poor logic that hackers prey on. They routinely check lists of newly acquired domains and then wait until the sites are up and running to try an attack.
Bigger, more established businesses are often targeted just after operating systems or anti-spyware software warn of holes in security and send out patches and updates. Laziness is one of the biggest contributing factors to malware getting on company computers. If IT departments do not ensure that everyone is following proper protocol for Internet security, it provides a window of opportunity for hackers to move malware through exposed systems.
The third component is that businesses are more at risk of losing vital information than the average person is. If the only things on your personal computer are family photos and your MP3s, are you really going to figure out how to pay $650 in Bitcoin to some random criminal who may or may not actually return access to you?
But business networks have proprietary information, employee personal information, financial information, and much more that easily carries a higher price tag. If a company’s IT department can’t walk back the ransomware and find a system reboot point, then paying the ransom becomes a very viable option for most C-suite level employees.
The Bottom Line
Most businesses don’t realize the value of really powerful anti-ransomware solutions until it’s too late, which is ironic given that the relatively low cost of the software is much less than paying your IT staff overtime to fight through the malware or biting the bullet and paying the ransom, with no guarantee that it will work.