Ransomware attacks have become more organized and, thus, are more devastating for businesses worldwide. The COVID pandemic’s impact and the rapid digitalization in response have created new opportunities for cybercriminals. As a result, ransomware is at the forefront of cybersecurity concerns.
This article covers ransomware threats and consequences, along with the common infection methods. Additionally, the article gives practical advice on how to prevent ransomware attacks and minimize the damage if they happen.
Ransomware is a type of malicious software used for money extortion. Once cybercriminals gain access to the company’s IT environment, they lock or encrypt data until the company pays money (ransom). Cybercriminals usually demand payments in cryptocurrencies using anonymous payment systems. That’s why identifying an attacker becomes almost impossible.
Modern ransomware attacks follow a “double extortion” scheme. Along with encrypting data, cybercriminals threaten to delete critical data or leak it to the dark web. By doing so, attackers put pressure on their victims and force them to pay. For example, in 2021, the ransomware gang REvil posted engineering and manufacturing schemas of Apple products when the company refused to pay a $50 million ransom.
As ransomware becomes an organized business, attacks are getting more sophisticated and devastating. More often than not, cybercriminals don’t choose their victims randomly. Instead, they check the company’s industry, finances and other information to get the most out of their attacks. Let’s take a closer look at the consequences.
In 2020, eight in 10 US organizations fell victim to ransomware, including more than 2,300 local governments, schools, universities and healthcare facilities. Even giants such as Acer, CNA Financial, Apple, Brenntag and Accenture couldn’t prevent an attack.
While organizations are focusing on digital transformation and remote work, they are more vulnerable to ransomware. Cybercriminals are using this opportunity to extend their reach. For example, only a few years ago, cloud storage was considered immune to ransomware. Today, 59% of successful attacks involve cloud data.
As the number of successful ransomware attacks grows, criminals are extorting even more money. In 2020, the average ransom payment almost tripled compared to 2019 and exceeded $300,000. Victims paid criminals $350 million in total, which is four times more than in 2019.
In 2021, cybercriminals want even more. Today, the average ransom demand is approaching $1 million. Cybercriminals broke a new record and demanded a stunning $50 million ransom from Acer earlier this year. A survey conducted by ransomware.org gives a clear view of ransomware.
Ransomware attacks often don’t give victims any choice but to pay up. In 2020, 26% of the attacked companies paid the ransom, while in 2021, this number reached 32%.
Unfortunately, ransomware payouts don’t guarantee that the company restores access to its data. Only one in 10 companies that paid criminals managed to get their data back. Instead, payments to criminals can fuel ransomware activity and trigger a vicious cycle. No wonder ransomware payments are officially discouraged worldwide (OFAC, FBI, Europol).
Ransomware puts companies at risk of violating data privacy regulations, such as the EU General Data Protection Regulation (GDPR). This can cost millions of dollars, let alone reputation loss. Attackers tend to set ransoms lower than possible compliance penalties. They expect that companies would rather pay ransoms than inform authorities and start a GDPR investigation.
The cost of recovery after an attack is another expense to be aware of. Research shows that ransomware causes 21 days of downtime, while full recovery can take more than nine months. On average, remediation costs, including downtime and lost orders, are 10 times the amount of the original ransom.
Ransomware is a real threat to your business. To mitigate risks, you need an effective protection and recovery strategy that relies on backups.
As the number of ransomware attacks is skyrocketing, you need to get ready for the worst-case scenario. For this, educate your employees about possible infection methods and take a proactive approach to ransomware defense and recovery.
Ransomware can infect your system in different ways. Here are the three most common methods:
- Phishing emails. In 2020, phishing emails caused half of all ransomware attacks. These emails can threaten you, imitate messages from popular brands such as Microsoft and Google, or lure you with a prize. Once you open a malicious attachment or click the link, criminals can steal your credentials, gain access to your system or encrypt it.
- Infected applications. Malware can penetrate your system in the form of an antivirus application or a software update from a legitimate website. Criminals can also exploit vulnerabilities in popular applications to incorporate malicious code.
- Rogue employees. Criminals can recruit your employees and offer them money for installing ransomware. Another threat is the rising popularity of ransomware kits that rogue employees can buy on the dark web. The use of these kits doesn’t require any technical skills. Insiders can use them to cause irreversible damage to the company.
As phishing remains the main source of ransomware attacks, a simple employee training program can boost your company’s ransomware resilience. This isn’t the only safety measure you can take, though.
A proactive approach will help you secure your critical data from cybercriminals and recover the data if an attack hits your system. Here is what your strategy should include:
- Antivirus software. Use antivirus to protect your system from known security threats and ransomware patterns.
- Regular updates. Updates fix security issues and system vulnerabilities. Always update your devices, systems, and software to ensure the maximum level of security.
- Multi-factor authentication (MFA). Enable MFA for all of the company’s accounts and social media.
- Email and spam filters. Configure filters to reduce the volume of spam and suspicious emails coming to employees.
- Ransomware awareness training. Educate your employees on how to recognize phishing emails and suspicious links.
- Permission restriction. Use role-based access control and the principle of least privilege. Don’t grant employees or applications more permissions than needed.
- Incident response plan. Provide employees with clear instructions on how to act if ransomware hits your system.
- Regular backups. Implement a reliable backup solution to enhance and automate your data protection activities.
- Verified backups. Test backups to ensure that your data is consistent and can be recovered in case of a ransomware attack.
- Disaster recovery plan. Configure your disaster recovery plan and automate failovers so they occur during attacks to minimize downtime. You also need to test your recovery process regularly to ensure that everything works.
This list isn’t comprehensive, but it shows the basic safety measures you can start with to enhance your ransomware defense and ensure business continuity in case of an attack.
Ransomware is the fastest-growing type of cybercrime. Today, any company, be it an industry giant or a governmental agency, can fall victim to a ransomware attack. As cybercriminals become more organized and craftier, companies often have no choice but to pay millions to get back their data.
Getting proactive is the best way to prepare for an attack and mitigate its damage. With ransomware awareness training, automated backup and disaster recovery in place, you can ensure that ransomware won’t take you by surprise.