The editors at ZDNet have proclaimed 2017 The Year of Ransomware, and no wonder. Our network security news feeds this year have been full of warnings about malware variants with names like Petya, NotPetya, WannaCry, and last month's outbreak, which was dubbed Bad Rabbit.
While most organizations have done a pretty good job of educating their users on how to identify phishing emails, the bad guys have come up with new ways of tricking users into infecting their networks. NotPetya was spread in Ukraine through a backdoor in a popular accounting package. And Bad Rabbit's payload was delivered by spoofing a Flash update request on compromised websites.
This year's most destructive worms exploited tools that were apparently stolen in a hack of the NSA. And ZDNet notes that a Bitcoin payday may not be the ultimate goal of Bad Rabbit's perpetrators:
"Trojan malware or stolen credentials could give attackers outright access to the network, even after the 'ransomware' infection has been dealt with, so organizations could potentially give in and pay a ransom to criminals who then remain able to exploit vulnerabilities in the network."
The thing to remember is that this problem isn't confined to Fortune 500 companies. The SMB market is a ripe target for ransomware exploits because many small to medium companies simply don't have the resources to prevent and monitor for infections, or to educate their users on how to protect themselves.
We've put together a security infographic that lays out the extent of the problem in the coming year ... and maps out some of the measures you can take right now to protect your business data.