Skip to content

Licensing

Ransomware on the Rise

← All articles
Filed under Licensing

Written by:
Lara K. Forde, Esq., CIPP/US
Matt Peranick, CIPP/US, CIPP/CA

Ransomware is now the number one security concern for businesses. Estimates from the FBI put ransomware on pace to be a $1 billion dollar source of income for cyber criminals this year. The ransoms have doubled over the past year as studies show almost one half of businesses surveyed have been targeted, and more and more often are paying the demand.

Hospitals, school districts, law firms, state and local governments, law enforcement agencies, and small businesses - these are just some of the entities frequently targeted by ransomware. Ransomware is a popular type of malware recently that encrypts, or locks, all files it can find and demands a ransom to release them.

Not being able to access critical data can be catastrophic for organizations. Ransomware can impact a business in terms of lost data or proprietary information, disruption to business operations, financial costs to restore systems and files, and the potential harm to their reputation.

In a typical ransomware attack, victims will open a phishing e-mail that contains the ransomware. Victims may click on an attachment that appears legitimate, like an invoice or an electronic fax, but which actually contains the malicious ransomware code. Other times, the e-mail might contain a legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects their computer with ransomware.

Once ransomware is downloaded, it begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network that the victim computer is attached. Users and organizations are generally not aware they have been infected until they can no longer access their data, or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key.

These messages include instructions on how to pay the ransom, usually with bitcoins because of the anonymity this virtual currency provides.

Ransomware attacks are not only increasing; they're becoming more sophisticated. Several years ago, ransomware was normally delivered through spam e-mails. However, since e-mail systems have advanced spam-filtering techniques, cyber criminals have turned to spear phishing e-mails targeting specific individuals.

Prevention Efforts

  • Make sure employees are aware of ransomware and of their critical roles in protecting the organization's data. (i.e. Share this article with fellow employees.)
  • Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
  • Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts. (i.e. No users should be assigned administrative access unless absolutely needed.)
  • Configure access controls, including file, directory, and network share permissions appropriately. (i.e. If users only need read specific information, don't give write-access to those files or directories.)
  • Disable macro scripts from office files transmitted over e-mail.
  • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations. (e.g. temporary folders supporting popular Internet browsers, compression/decompression programs.)

Business Continuity Efforts

  • Back up data regularly and verify the integrity of those backups.
  • Periodically test the effectiveness of your backup restoration procedures so you can ensure a rapid recovery.
  • Secure your backups. Make sure they aren't connected to the computers and networks they are backing up.

© 2016 ePlace Solutions, Inc.

ePlace Solutions, Inc.

Founded in 1999, ePlace Solutions, Inc. (ePlace) is an industry-leading risk management consulting firm focused on preventing data breaches and mitigating the costs and damages of security incidents. ePlace's risk management services deliver resources, best practices and practical guidance to help organizations effectively manage cyber risks. ePlace currently provides pre-breach cyber risk management services to over 20,000 organizations throughout the United States and serves as the risk management provider for leading cyber insurance carriers.

ePlace is a risk management information and consulting service, not a law office. Neither ePlace nor the attorneys on staff at ePlace are providing legal advice. The materials and advice available through ePlace are provided "as is" and without any warranties or conditions of any kind either express or implied.

ePlace Solutions, Inc.
410 W. Fallbrook Avenue, Suite 105
Fresno, CA 93711
800-387-4468
www.eplacesolutions.com

Found This Useful? Let's Get You Set Up.

Start an application and an expert will tailor the next steps to your situation.

Related reading

Maryland Rent Collection in 2026: 7 Licensing Risks Property Managers Must Avoid

Licensing

Maryland Rent Collection in 2026: 7 Licensing Risks Property Managers Must Avoid

Property managers in Maryland are running into a question that is getting more attention and creating real operational risk. Does collecting rent, especially when a tenant is past due, trigger Maryland's collection agency licensing requirements?

Licensing Challenges for Mortgage Servicers

Licensing

Licensing Challenges for Mortgage Servicers

Mortgage servicers play a central role in the housing finance system. They collect borrower payments, manage escrow accounts, respond to customer inquiries, and step in with loss mitigation or foreclosure processes when borrowers fall behind. Servicers act as the day-to-day managers of loans after origination, ensuring that cash flows properly between borrowers and investors. Since [...]

The Pros and Cons of Outsourcing Debt Collection for Startups and Small Businesses

Licensing

The Pros and Cons of Outsourcing Debt Collection for Startups and Small Businesses

Cash flow is the lifeblood of every startup. When customers delay or default on payments, even the most innovative ideas can stall. Founders often face a critical challenge: Should we collect overdue invoices ourselves, or hand them off to a third-party debt collection agency? Outsourcing debt collection - sometimes called debt recovery outsourcing - has become increasingly common for [...]

Ransomware - Putting Your Company, Your Clients and You at Risk

Insurance

Ransomware - Putting Your Company, Your Clients and You at Risk

Columbia Ultimate (now part of the Ontario Systems family) posted an interesting article on its blog in April about "ransomware" and how it can affect your agency and your clients. What is ransomware? Just what it sounds like. "Ransomware is an access denial type of malicious software that can come from just about anywhere a [...]

The Real ROI of Collection Strategy

Licensing

The Real ROI of Collection Strategy

The Real ROI of Collection Strategy Almost everyone I talk to in the industry rates innovation as a top priority, especially today. The economy will recover, but your strategies will determine how well you do. Not long ago, in my former role as the leader of collections strategy for a major bank, I led a [...]

Reduce Lawsuits and Increase Collections with Words That Work

Licensing

Reduce Lawsuits and Increase Collections with Words That Work

Guest Post by Mary Shores Think of a time when you had to call consumer service. How did you feel before you made the call? What about during the call, and after you hung up? Many would say we experience frustration, anger, disappointment, or confusion. Now it's time for the big question: how do your [...]

Browse the full insights library, meet our editorial team, or download our whitepapers.

Insights

Found This Useful? Let's Get You Set Up.

An expert will respond within one business day.