When it comes to protecting information and preventing ransomware attacks, common sense behavior such as frequent backups and patching, and avoiding questionable attachments and macro execution can go a long way. However, there are some other methods to further prevent the frustration, or at least the financial loss, associated with ransomware.
For some background, ransomware is, well, exactly what it sounds like: malware that holds your computer’s data at ransom. Through a bit of social engineering, criminal groups or individuals can encrypt files or entire drives and demand payment for decryption keys. In addition, even if those affected do pay the ransom, there is never a guarantee that their data will be fully restored.
Ransomware variants, such as Locky and Cryptolocker, typically originate from corrupted email attachments. Some other variants however, such as Dogspectus, quietly install themselves onto devices, through no fault of the user, via malicious advertisements (malvertising). Regardless of the method, once a device is infected, local files are encrypted, and a notification is sent to the user indicating that a decryption key will be provided upon payment.
Through the evolution of threats like ransomware, the state of the cyber landscape is becoming more predictable—with attacks such as these shifting from less of an “if” to more of a “when”. And while cyber liability insurance is nothing new, many coverage providers have yet to fully address the elephant in the room that is ransomware, which has become an undeniable threat, with damages exceeding $1 billion in 2016 alone.
However, ransomware protection itself is still somewhat niche, often being offered at a significant cost, that can unfortunately outweigh its value. This insurance is also occasionally offered as third-party coverage, resulting in insurance loopholes and in the end, leaving people unprotected.
And while organizations may benefit from ransomware insurance, protecting yourself on an individual level is also important. For some additional support, companies like Kaspersky and Symantec provide ransomware decryptors free of cost. Not all keys have been cracked, but the makers of these products are fighting back to save users a lot of headaches and a lot of money.
Hopefully the influx of ransomware attacks catches the attention of not only insurance providers sooner than later, but also more companies like Kaspersky and Symantec, in an effort to fight against this growing threat and protect individual users and organizations as a whole.