Put yourself in this picture: Your organization has a pretty good handle on data security. You have a secure firewall and good anti-malware software running on your systems. You monitor network traffic for suspicious activity. You’ve trained your staff in good cyber hygiene, and reviewed your business partner contracts to make sure they’re doing their part to protect sensitive data. It’s “patch Tuesday,” your automated scripts are installing the latest security updates to your software, and you’re feeling pretty good until a staff member calls and reports problems accessing a data file. The next thing you know, ransom messages start popping up on user screens all over the company demanding payment to access their own data. Suddenly, you can’t control the digital information that is the lifeblood of your business, operations grind to a halt, and you have to make some hard decisions.
If you haven’t experienced ransomware yet, it’s probably just a matter of time. For cyber criminals, it’s an almost-perfect crime. For organizations and individuals, it’s their worst nightmare, and it’s just getting started. This series of articles looks at the epidemic of ransomware: what is it, how does it get into your systems, and what you can do about it.