As a small business owner, having a web presence is vital to growing your bottom line. Unfortunately, with a connection to the internet comes the possibility of getting malware. Malware is the term used for software that has a nefarious purpose (hence the term mal (bad), and ware, from software). Different types of malware are designed to do different things. Some of these viruses just serve to slow down your computer or use it to spread themselves using your contacts list. While that can be an inconvenience, there are two specific types of malware that you need to be aware of: Crimeware and Ransomware.
What is Crimeware
Crimeware is a general term for a virus that accesses a computer for criminal purposes. Most of the time you won’t even know they’re there; they just sit quietly and work in the background. What they are doing is stealing information that goes through your computer. This can include credit card information, vehicle information, or even proprietary company secrets. There have been some highly publicized crimeware intrusions, including the AshleyMadison.com hack that exposed their entire database.
You may wonder how criminals can profit from things like this, especially when they steal information that doesn’t seem that valuable, such as vehicle information, or even a list of users. All information is valuable, and lists of registered users on a site can sell well to hackers who will try to log in with false credentials.
Crimeware is delivered to a computer through a variety of methods, but they all take advantage of your carelessness. A common method is to send an email to you that looks like it comes from an official source, such as Amazon or Paypal. The email has an attachment that they ask you to open. As soon as you click on the attachment, a virus is installed on your computer without you knowing. And just like that, you’re infected. Other ways crimeware can be installed include taking advantage of you not downloading the latest patches or updates for Windows or a web browser. When you fail to update, any security holes that have been discovered remain for criminals to take advantage of.
Ransomware: A New Breed of Crimeware
Ransomware is a much more direct attack on you as a business owner. Rather than try to subtly steal information from monitoring your keystrokes, this type of crimeware will take direct control of your computer. It may completely encrypt your hard drive, making it impossible for you to log in, or it can redirect any attempts to access the internet to pornographic sites.
Once the ransomware is on your system, you’ll get a pop-up that will direct you to pay someone on the other end a nominal fee. The FBI estimates that the average fee for small business owners is about $300. It’s large enough that the criminals do get a good payout, especially when you consider how many computers they can infect, but it’s small enough that you will usually pay it as a “nuisance expense.” The payment will be made through gift cards or through an untraceable internet currency called bitcoins (BTC). Keep in mind, however, that paying the fee doesn’t mean the attacker will unlock your system.
Ransomware is much like other variants of crimeware, but because it pays so well, there were over 50 new variants discovered in the first half of 2016. Learning how to protect yourself is therefore vital to the security and operation of your business.
Tips to Lower Your Risk
The first line of defense lies in proper training of whoever will be using your computers. You and they need to be aware that links on email should never be opened. Likewise, unapproved websites should never be visited. You can have a firewall installed that will block sites that are known to have malware on them.
It’s also important that you keep your internet protection software up to date. That means a robust anti-virus suite that includes updates for new virus definitions. You also need to pay attention when Microsoft or Apple notifies you of a new update and install it as soon as you can.
Another way you can protect yourself against ransomware is to have a back-up system that runs nightly. That way if something does infect your computers you can purge them and restore them with a minimum of interruption to your business. That is why a nightly backup is essential. After all, a backup is only as good as how recently it was performed.
If you’re concerned about your infrastructure’s risk to crimeware or ransomware, Threat Sketch can help you. Our risk assessment takes into account your current asset structure, IT habits, and level of protection. With this information, we can build a risk profile specifically tailored for your company. Crafting multiple scenarios, we outline strategies to deal with them and the potential costs to you. Don’t let your company become the unprepared victim of a targeted crimeware attack.
About the Author: Jason Reynolds is a programmer and tech writer