Business segments becoming increasingly attractive target for developers cipher-malware. According to Kaspersky Lab’s report, based on data from Kaspersky Security Network (KSN), the number of attacks on the corporate sector in the period 2015-2016, compared with 2014-2015 grew six-fold (from 27,000 to 158,000).
This fact shows that the ransomware try to encrypt the data of each one in ten users B2B.
Cyber criminals who use ransomware attack often start businesses, especially small and medium enterprises (SMEs).
This trend is confirmed by IT Security Risks 2016 report from Kaspersky Lab and B2B International, where 42% of respondents from small and medium enterprises (SMEs) agreed that crypto-malware is one of the most serious threats they face last year.
For small companies, even though in the short period can lead to significant losses or even bringing all their operations stopped completely.
If a company has not taken appropriate steps to ensure the security of important data, then buy the decryption key from cyber criminals is the only way to recover the data.
However, this does not guarantee complete data recovery. The best way to protect enterprises from malware is to prevent attacks early on.
Kaspersky Lab experts recommend to companies of small and medium enterprises (SMEs) to follow the 5 steps following these simple safety rules.
1. Make a backup copy of all important files on a regular basis. Companies must have two backups. One in the cloud (eg Dropbox, Google Drive, etc.), and another in an additional server or on a removable medium if the data volume is not too large.
2. Use well-known and trusted service providers who invest for security. Usually you can find the security recommendations on the company’s website. They also published an audit of the security in the cloud infrastructure from third parties.
Do not assume that the cloud provider has absolutely no security issues, availability or data leakage. This raises the question, what would you do if you delete the data security provider.
There should be a data backup and restore process transparent data in conjunction with data protection and access control.
3. Avoid the use of security services and anti-malware software for free. Usually small businesses expect basic security features in free solution offered is sufficient.
Free security solution does provide basic protection, but often they fail to provide layered security support.
Instead, look at a special solution, which does not require a large investment, but is able to provide a higher level of protection.
4. Regularly update the OS, browser, anti-virus, and other applications. Cyber criminals use the vulnerabilities in the most popular software to infect users of the device.
5. Prevent the precarious situation of the TI – invite experts to configure enterprise security solutions. Small businesses typically do not have an IT department or a dedicated full-time administrator.
Companies rely only on employees who best understand IT issues to deal with computer problems, in addition to regular duty.
Do not wait until an incident occurs, use of IT support IT service providers to review the software and security configuration from the outset.
“Crypto-malware threat that is increasingly serious, not only the company suffered a loss of money for the ransom, but the business could be paralyzed during the recovery process file. Vector of attack is quite extensive including website, email, exploitation software, USB devices, and others,” said Konstantin Voronkov, Head of Product Management Endpoint Kaspersky Lab via email.
To avoid infection, he added, IT personnel must explain where the attack originated and these employees should not open email attachments, visit the web from untrusted sources or connect a USB device to a computer that does not have protection.
Voronkov said anti-malware solutions become important measure to avoid security incidents occur frequently.
If there are files of companies that are ciphered, it does no harm and is worth a try. If at all possible, to restore the file using the free facilities or key decryptor