The amount of new ransomware has been increasing for three consecutive quarters and during the first quarter of 2015 we saw a particularly large spike—a 165% increase in new ransomware. Unfortunately, experts are predicting the trend will continue, so you need to prepare yourself and your team.

Why is ransomware so popular?

The short answer is that it is profitable.

When someone hacks a computer for data, there is a large time investment. A hacker has to sift through all the data for something valuable and then find a way to exploit the data on their own or find a buyer. Relative to this, ransomware is a small time investment.

After initially getting access to the computer, a hacker simply has to set up the ransomware message and a timer; the victim either pays or loses all the data. A hacker using ransomware does not have to invest time in searching through someone’s data or finding a use for it.

But what if people don’t pay? No big deal. Ransomware is a numbers game; hackers infect a lot of devices and get a pay out on some, but with demands being anywhere from $200 to $5,000, hackers don’t need many victims to pay to turn a profit.

How do you protect your business against ransomware?

While ransomware is often associated with personal devices, since late 2014 there has been an increase of ransomware attacks on businesses. For example, in early 2015 a Chicago police department paid $500 to retrieve their data and Advantage Benefits Solutions, a benefits company based in Houston, paid $400 to get the business back online.

Ransomware is a threat to businesses, but you can take steps to protect your company:

• Back up your data: 31% of SMBs have erratic or non-existent file backups —meaning they would have to either pay the ransom in the event of an attack, or lose the files. Backing up your data is the best way to protect your business.
• Careful what you click: We are sure as a security professional, “careful what you click” is one of your most used phrases—but keep saying it because employees need to hear it again. And again. And again.
• Update your software: No one likes updating software, but there are updates for a reason; old or unpatched software is the primary vector hackers use to infect a computer, so when prompted, click “update now” and take a coffee break while the newest version of software is being installed.

The surge in ransomware attacks is just one more reason for businesses to increase their investment in cybersecurity; it is better to pay for security than to pay a ransom.