Data Security: Ransomware-as-a-Service and What To Do To Avoid It

Ransomware-as-a-Service (RaaS) doesn’t sound like something you’d want to include in your technology toolset, does it?

Ransomware-as-a-Service (RaaS) doesn’t sound like something you’d want to include in your technology toolset, does it?

Data security should be high on your list of technology priorities. Similar to software-as-a-service (SaaS), RaaS is software that you–or one of your employees–download from the internet or click on a link in an email and unknowingly let loose on your network. While ransoms may be small-ish (typically $500 or less), paying a data hijacker will only encourage him or her to come back for more.

According to Sathya Thammanur of SonicWall, one of Entech’s vendor partners, there are three things you can do to protect your business from being held hostage by RaaS:

• Train your employees at least once per year.
  Security training should include identifying phishing attempts in emails as well as how to and not to safely download software from the cloud.
• Back up, back up, back up.
  If you have your data properly and completely backed up (off of your network, that is), you can restore it without paying a ransom–right after your network is cleaned up and secured.
• Get the right technology in place.
  Ensure that you have a current-generation firewall with active security services between your data and the outside world. And, make sure your firewall is completely up to date. An up-to-date firewall will catch most ransomware before it makes it to your network.

Keep in mind that this billion-dollar industry of RaaS is a growing trend by what USAToday calls “lazy criminals.” They add that you should consider having a plan of action so you can act swiftly if you do become a victim of ransomware. Recovering from a ransomware attack can take time, which means a loss of business productivity, as well as create a hit to your budget for remediation costs. 

If you do become a victim of ransomware, report it to the Federal Bureau of Investigation’s Internet Crime Complaint Center (www.IC3.gov), whether or not you’ve paid the ransom. The FBI is tracking such incidents.