The threat of ransomware attacks is on the rise in 2016. Ransomware itself has been around for decades and is constantly evolving. This presents a serious security challenge for both small and large businesses.

The good news is that larger companies are improving their security as they become more aware of the risk. But in an ironic twist, their improved security can be bad news for small or mid-sized businesses. With cyber criminals having less success with large targets, they are switching to companies with smaller security budgets and less experience protecting themselves from attacks.

Ransomware History Highlights

• 1989 – AIDS Trojan (a.k.a. PC Cyborg). This “generation one” ransomware was fairly easy to overcome as it simple cryptography and tools were quickly developed to decrypt affected files.
• 2006
  • Archiveus Trojan. This was the first ransomware to use RSA encryption. It encrypted all items in the MyDocuments directory. Victims were required to buy items from an online pharmacy in order to receive a password to regain access to their files.
  • GPcode Trojan. This spread via an email attachment which appeared to be a job application. It also used a more sophisticated encryption method.
• 2007 – WinLock. This did not use encryption. Instead, it locked out users while displaying pornographic images. It required users to send a $10 premium-rate SMS in order to receive a code to unlock their computers.
• 2008 – GPcode.AK virus. This was a variant of the GPcode trojan and used even more sophisticated encryption.

Explosive Growth of Ransomware

From 2012 until the present, there has been an explosion in the growth of ransomware. This was due in part to the use of anonymous payment services, which made collecting payments from victims much simpler for ransomware creators. Symantec’s Internet Security Threat Report from April 2016 show the alarmingly rapid increase in ransomware discoveries:

• 2012 – Reveton.
• 2013 – Urausy, Kovter, Nymaim, Cryptowall, Browlock.
• 2014 – Linkup, Slocker, CTB-Locker/Citron, Synolocker, Onion, TorrentLocker, Zerolocker, Coinvault, Virlock.
• 2015 – Cryptolocker2015, Symplocker, TeslaCrypt, BandarChor, Cryptvault, Tox, Troldesh, Pacman, Pclock, Threat Finder, Hidden Tear, ORX-Locker, Dumb, Encryptor RaaS, CryptoApp, LockDroid, LowLevel404, CryptInfinite, Unix.Ransomcrypt, Radamant, VaultCrypt, XRTN, Mabouia OSX POC, Power Worm, DMA-Locker, Gomasom, Chimera-Locker.
• 2016 (first quarter alone) – CryptoJocker, Nanolocker, LeChiffre, Magic, Ginx, 73v3n, Locky, Umbrecrypt, Hydracrypt, Vipasana, Hi Buddy, Job Cryptor, PayCrypt, and KeRanger.

How Can Smaller Companies Protect Themselves?

Since ransomware often blocks your access to your files, one of the best ways to protect your company is to make sure all of your data is properly and regularly backed up. At least one version of your backed up data will need to be stored in a system that is isolated from the rest of your systems. You don’t want your backups to be affected by the ransomware too!

You also need to make certain that your security patches and updates are deployed as soon as possible as these updates often involve security improvements to protect your company from known threats.

For companies without the same level of security resources available to them as larger companies, it’s also worthwhile to consider making use of companies such as Aperio–IT. We offer virtual CIO (Chief Information Officer) services, where we help you plan your IT strategy and budget.