A lot of people may think that ransomware virus is a new type of virus that became popular in recent years. Ransomware viruses have been around for almost 20 years. In fact, the very first ransomware virus was back in 1989 as the AIDS trojan (PC Cyborg Virus). It was released via floppy disk in 1989. Victims needed to send $189 (If only if these were the prices today) to a P.O. box in Panama to restore access to their systems, even though it was a simple virus that utilized symmetric cryptography.
Despite its long history, ransomware attacks were still not that widespread well into the 2000s – probably due to difficulties with payment collection. However, the emergence of cryptocurrencies, such as Bitcoin in 2010, changed all that. By providing an easy and untraceable method for receiving payment from victims, virtual currencies created the opportunity for ransomware to become a lucrative business.
As it started to gain more mainstream appeal, ransomware developers recognized it as just the method of monetary extraction they’d been seeking. Bitcoin exchanges provided adversaries the means of receiving instant payments while maintaining anonymity, all transacted outside the strictures of traditional financial institutions.
This year alone there were (as of yet) 175 recorded ransomware virus attacks. All types of business from schools, hospitals, credit unions, small business,and large businesses.
Companies need to have a plan in the likely event that their data will be compromised. The best way to mitigate the risk of being a victim of a ransomware attack is to always back-up your data, as often as your business can. In some businesses where you need real-time data or don’t have the time to recover your company data for your entire company, having funds allocated for a situation where you do have to pay the ransom. Or purchase Cyber Insurance that covers ransomware and other common viruses.
Ask yourself, “How much time needs to go by, before you’re losing more money than what the attacker is demanding?” Once you figure that out, that’s when the company needs to make a decision. One doesn’t want to encourage the idea of always paying the ransom, just want to make sure it’s an option.
Taylor Allaire, CISM, CDPSE Information Security Manager