Hackers cherry-picking businesses to infect with ransomware

Ransomware is on the rise, there's nothing new about it, but what's new is that hackers are now cherry-picking those businesses who they believe have more valuable data to try and extort more money.

Those are just some of the results posted in the 2016 Data Protection and Breach Readiness Guide. The guide, released by the Online Trust Alliance, aims to help businesses optimize online privacy and increase their security practices.

There's another interesting thing the report suggests: 91 per cent of those breaches could have easily been prevented, if the businesses remembered to do a few basic things on time, such as patch up a server, encrypt data or make sure its employees don't lose their corporate laptops.

Looking at breaches involving loss of PII (personally identifiable data), the NGO said hacks accounted for 34 per cent of all breaches, and employees were to blame for 30 per cent - due to a lack of internal controls.

“Much like surge pricing for taxis, cybercriminals now target and calculate their ransomware pricing based on company size, market value and much more,” said Craig Spiezle, Executive Director and President of OTA. “Cyber-surge pricing of corporate data is becoming widespread, increasing the impact and costs for businesses and their employees worldwide.

“As companies amass larger quantities of diversified data and increase their reliance on third party service providers, every business must have safeguards in place and be prepared to react strategically in the event of a breach,” said Neil Daswani, Chief Information Security Officer at LifeLock.

“Cybercriminals aren’t just targeting companies that collect consumer data, they are going after confidential high-value data from legal, accounting, architecture and engineering firms.”