The recent headlines showing the increased threat of ransomware are sobering and deserve your attention. Your organization should take the time to recognize the reality of this danger and take the proper steps to protect your company.
In this article we will give some background on ransomware, discuss why it is an increased threat, and give recommendations on how your organization can best protect itself from its impact.
What Is Ransomware?
Different forms of ransomware have been around since at least 2005, but the types that have become more advanced and widespread are known as Locker-Ransomware and Crypto-Ransomware. The first type takes control of all aspects of a company’s website and then displays a message on the website demanding that a specific ransom be paid before the attackers restore control to the company. The second type is more advanced malware that encrypts files, folders, and hard drives, which can then only be decrypted with a special key. The ransomware criminal normally demands a ransom in Bitcoin to restore access to company data or to provide the decryption key to the victim. Many companies have given in and paid the ransom, which sometimes results in regaining access to their data; in other cases the cybercriminals keep all or some of the data even after the ransom has been paid.
Who Is Behind These Attacks And How Do They Gain Access?
Ransomware attacks are being carried out by a variety of independent hackers as well as organized criminal gangs with access to powerful technology. The rising acceptance of cryptocurrencies has made it possible for these criminals to get payments that are virtually untraceable.
These threat actors gain access to company networks and systems primarily through phishing attacks on employees using unsolicited emails, links, and attachments. Employees may click on sites that appear to offer valuable information or offers, or they may be tricked into thinking they are responding to a request from management, other employees, or clients. Many users have fallen victim to attacks by clicking on official-looking sites that appeared to offer information on COVID-related issues.
The huge number of employees working remotely, some of whom have been using their own less well-protected devices, has also provided more inviting targets for cybercriminals. In addition, advanced criminals have invested significant time and money developing new tools that analyze user behavior and find innovative ways to steal legitimate passwords.
Once ransomware is released into a network, it is designed to immediately seek out important data files, lock out legitimate users, and encrypt anything it determines is essential to the organization.
In response to companies that refuse to pay for a decryption key, threat actors are also using new extortion tactics, such as the exfiltration of victim data, to pressure companies into paying their ransom. For example, if an organization has adequate backups and refuses to pay for a decryption key, the criminals will threaten to publicly release sensitive financial, customer, or personnel data. Cybercriminals are also devising, and threatening to use, insidious delayed denial-of-service attacks that can resurface and disrupt future operations. This new threat is another disturbing way threat actors can keep pressure on organizations to make ransomware payments.
The Impact Of A Ransomware Attack
The impact of ransomware can be devastating in a variety of ways. First, there is the matter of paying a substantial ransom amount for a result that too often does not return critical data. Second, there is the damaging cost in time and resources brought about by disrupted operations. Finally, there is the psychological impact on employees, partners, and customers from suffering this data breach. This can quickly translate to a tarnished reputation, lost customers and partners, as well as an exodus of valuable employees. All of these factors will negatively impact an organization’s bottom line.
Some Sobering Ransomware Statistics
Recent security analyses conducted by eWeek and Sophos revealed these disturbing results from 2020-21.
- A new ransomware attack occurs approximately every 11 seconds.
- 51% of the companies surveyed had been hit by a ransomware attack.
- 32% of companies paid ransom to the cybercriminals.
- The average ransom paid for each attack on small businesses was about $6,000, with larger companies paying an average of $180,000.
- A set of software tools necessary to launch an effective ransomware attack only costs about $50.
- Even after paying the ransom, only 8% of companies recovered all their data, with the average company recovering about 65% of its data.
- The hardest-hit private sectors were retail and education, with 44% of companies in those sectors impacted.
How To Best Protect Your Organization Against Ransomware
In order to best protect your company against the negative impact of ransomware, we offer the following recommendations.
- Educate employees with mandatory security awareness training, which emphasizes good cyber hygiene including responsible internet and email security behavior.
- Implement strong password and multi-factor authentication protocols.
- Limit the number of employees with access to sensitive information. Ensure that these employees are rigorously trained in data security issues.
- Inventory all sensitive information storage locations and dispose of any data that is not necessary for operations.
- Utilize the strongest and most up-to-date anti-malware solutions across your entire network. Ensure all hardware and software are monitored and updated automatically with the latest security patches and features.
- Maintain effective firewalls and robust backups of all critical data, including at least one offsite backup location. If ransomware gets past your security layers and does infect your network, your company can then restore its systems from the backups instead of having to pay any ransom.
- If your organization ultimately decides to pay a ransom, work with a ransomware expert to negotiate the most favorable terms.
- Purchase a cybersecurity insurance policy. This type of insurance is a risk management tool that comes in various forms with the main goal of mitigating the impact of any malicious cyber events. Make sure your company purchases a version that covers ransomware payments up to $10,000.
Consult With A Trusted IT Support Partner Like Network Depot
This is the most important recommendation we can give your organization. A cybersecurity expert like Network Depot will conduct vulnerability scanning and penetration testing of the company website and web applications to assess the vulnerability of your network. They will then recommend, implement, and maintain the most effective tools and policies to keep your network secure. A reliable IT partner will also ensure that your organization’s disaster recovery plan includes a comprehensive response to the ransomware threat.
With the valuable information and recommendations in this article and the assistance of a trusted IT Support partner, your company will be well prepared to meet the real challenges presented by ransomware. Protected against the negative impact of ransomware and other cybersecurity threats, your organization will be able to keep its focus on achieving your unique mission.