Ransomware: How Hackers Can Hold Your Files Hostage
Scam Prevention
Canadian Bankers Association

Learn about ransomware: how hackers can hold your small business’ files hostage

Summary Points

Article

Ransomware is a type of malware (short for malicious software) that is downloaded onto your business’ devices when you or your employees click on an infected link, pop-up advertisement, or email attachment. Malware can also be installed by downloading malicious apps and software or visiting infected websites. Once the malware is on an internet‑connected business device, hackers can take control of your systems and shared network drives and encrypt (lock) your files before demanding a ransom payment.

How the ransom works

When files are encrypted your files and computer(s) are essentially locked; neither you or your IT team will be able to access the data stored on your computer(s) or mobile device(s) The scammers will then demand a ransom payment to give you the decryption key to unencrypt (unlock) the files.

Criminals will request various amounts of money to ensure the ransom is paid and usually ask for payment in bitcoins, or digital currency, so the payment can’t be traced. Keep in mind that even if you pay the ransom, there is no guarantee that criminals will unencrypt your files or that they won’t sell or leak your business or customer data online. Only eight per cent of businesses that paid the ransom received all of their information back according to the findings of a recent global survey.

Since it can be very difficult and sometimes impossible to recover encrypted files, the best way to protect your small business against a ransomware attack is to prevent the initial download of malware onto your business and personal devices.

How you can protect your business from ransomware

  • Install reputable, up‑to‑date anti‑virus and anti‑malware protection software on all your business devices and keep on top of updates. Instruct your employees to never disable anti‑virus or anti‑malware software and to accept updates when prompted.
  • Take the time to install the latest version of your business’ operating system and applications. Ensure your employees update the operating systems for company‑owned devices as well.
  • Backup your files frequently to an external source - like an external hard drive or cloud‑based storage - that is not linked to your computer. If they are linked, your backed‑up data could be encrypted too.
  • Be careful to not click on links or open attachments from unknown addresses.
  • Disable macros in documents. You could unknowingly download malware by enabling a macro, clicking on an email attachment, link or online pop‑up window.
  • Educate your employees on the ways to spot social engineering scams and the importance of the responsible use of the Internet to avoid downloading malware.

What to do if your business is a victim

It can be very difficult to unencrypt your files and remove the ransomware from your devices. If your business is the victim of ransomware, you can consider the following:

  • Remove the infected devices from your network. This will prevent the ransomware from spreading.
  • Check with your anti‑virus provider - if you are familiar with data recovery, you may try to remove the malware yourself. Some anti‑virus providers can detect this malware and may have instructions and software to help.
  • Consult an IT security specialist – a professional may be able to help you remove the ransomware and restore your files if you have them backed up.
  • Change your passwords – Change your online passwords, particularly for your business bank accounts. That will stop the criminals from accessing your accounts if they were able to access your passwords.
  • Report the scam – alert your local police and the Canadian Anti‑Fraud Centre.

Resources

The Canadian Centre for Cyber Security offers resources to help Canadian organizations understand the ransomware threat and take action to protect their businesses: cyber.gc.ca/en/ransomware.

Get Cyber Safe offers a Get Cyber Safe Guide for Small and Medium Businesses.

CyberSecure Canada is a voluntary certification program to help small and medium‑sized businesses protect themselves against cyber threats. The program helps businesses improve their cybersecurity knowledge and voluntarily showcase their adherence to a baseline set of security protocols. The free e-Learning series includes templates and how-to guides and certification is valid for two years.

Download the CBA’s Small Business Cyber Security Toolkit to help protect your small business from cyber threats.


Related Articles