The rise of the digital age has brought with it a lot of benefits. More efficient operations, better data sharing, faster customer service, next day delivery, and access to information at the drop of a hat. However, it also comes with a dark side or two. One of those dark sides is the advent of ransomware.
Nearly every week there is news of a significant data breach at a major corporation and many of those breaches involve some kind of ransomware. Ransomware comes in various forms. In broad strokes, it is software installed by blackhat hackers that can be used to disable or disrupt that corporation’s operations unless the hackers are paid to remove that software. There are a lot of ways those disruptions can occur. They can lock down your servers, threaten to steal private data, threaten to release said data, threaten to release a virus into your system, or release a virus and then demand payment to get rid of it.
No matter what form it takes, ransomware is a menace and one that is growing, it currently is tied to about half of the data breaches in the healthcare industry. Given the intimacy of the data there and the importance of hospitals being able to keep their systems running, this is very concerning.
So, how do they get in? There are lots of ways that a creative and malicious hacker can get into a company’s servers. One of the more common and ironic ways they do this is by looking for backdoors in that company’s VPN. Once they are in, it is fairly easy to take control of an entire organization’s data and threaten to delete or release it. What is particularly galling is that they tend to take the ‘nice guy’ approach. The hacker group will email the target organization and just inform them that they noticed there was this problem and some bad things ‘could’ happen. Unless you pay them to ‘fix’ it of course. ‘Hey, buddy, nice servers full of data you have there. Sure would be a shame if something happened to them.’ So, you can pay them, or take a chance that might allow them to delete or release your data. None of those options is good. Paying them just incentivizes the behavior. Letting them delete the data would be a massive loss (unless you have a backup). And of those options, it could be argued pretty convincingly that the release of data is the worst. After all, in that situation, everyone knows that you got hacked and no one believes they can trust you with their data anymore. You could always get your IT department on the job and fix the issue themselves. However, that often takes a lot of time, time that the hackers will most likely not allow.
Fortunately, the various VPNs that are available are getting on top of this and frantically plugging all those backdoor security holes. However, you actually need to update your software. If you don’t, you miss all those fresh new security updates and you are leaving yourself open to attack. And honestly, if you are being lazy about updating your VPN or antivirus software, then you really only have yourself to blame if you get attacked. Or if your IT department isn’t staying on top of it, get new IT people. The dangers of leaving yourself exposed are not exactly a secret. If the issue isn’t with them, but with the software company not releasing updates fast enough, get your IT people to find new software. There are a lot of options out there.
One option that you as an individual can take is to sign up with TARTLE. The data we store is double encrypted – we can’t even get at it. That adds security to your data and puts you back in control. Companies can join us as well and include their data as part of the TARTLE data marketplace. That way you are putting your data further out of reach of bad actors and opening up another revenue stream as well.
What’s your data worth? Sign up and join the TARTLE Marketplace with this link here.
