The COVID-19 pandemic caused an explosion of cybersecurity incidents, with ransomware chief among them. The total cost of ransomware attacks is expected to cross the $20 billion threshold in 2021, according to Cybersecurity Ventures, making them one of the most critical malware threats facing organizations in the digital economy.
It can be difficult for your organization to know how to prevent an attack and even more challenging to know what to do if you’re the victim of one. Continue reading to learn more about ransomware attacks and how to strengthen your organization’s cybersecurity.
What is ransomware and how does it work?
Ransomware is a type of cyberattack in which black-hat hackers gain access to an individual’s or organization’s private data, encrypt it, and then demand a ransom payment from the data’s owner in exchange for a decryption key that restores access. Attacks have ballooned in recent years, particularly since the start of the pandemic, as an unprecedented volume of personal and business activity has moved online.
Ransomware attacks are common but costly. According to a survey compiled by Sophos, 37% of organizations were subject to a ransomware infection in the last year. Those organizations were forced to shell out an average of more than $761,000 in 2019 alone, a figure that exploded to $1.85 million in 2020.
Contrary to what some believe, attackers don’t necessarily target the most lucrative enterprises; instead, they tend to cast a wide net, attacking several organizations of varying sizes at once, and then exploiting whichever one(s) they’re able to access.
The most common attack vectors:
- Email phishing: Phishing is consistently recognized as among the most common ransomware attack vectors. It occurs when a threat actor sends bogus emails to users containing prompts, attachments, or links from what is purported to be a trusted source. The email copy encourages unsuspecting users to either divulge sensitive personal information or download malware directly to their computers.
- RDP: The Remote Desktop Protocol (RDP) lets users connect to Microsoft Windows devices over the internet without needing a physical connection. Without careful controls in place to ensure all RDP ports are closed once they are no longer in use, ransomware actors can easily gain access and encrypt exposed data.
- Software vulnerabilities: When system administrators don’t regularly update their firewalls and patch new security vulnerabilities, harmful actors can penetrate systems and steal key data. Once a ransomware attacker has breached your security, they have access to an enormous volume of your organization’s sensitive information.
How can ransomware attacks affect your business?
Ransomware attacks can have a tremendous financial impact on your business. While direct ransom payouts to attackers account for a huge portion of financial losses, they don’t end there. Systems and processes are usually forced to shut down temporarily in the event of an attack, making it impossible for you to continue running business as usual. You’re unable to deliver for your clients, and that can lead to further financial losses and damage to your brand.
A survey from TechRepublic found that 66% of surveyed businesses experienced “huge revenue losses” due to ransomware attacks, with much of that loss incurred indirectly.
Here are some of the most damaging effects ransomware can have on your business:
- Hurts brand recognition: Ransomware is bad for everybody involved, and that includes customers. When operations are forced to go offline, customers aren’t able to get the products and services they’re paying for (at least not within a reasonable timeframe). That can cause anger and resentment to grow, and your brand’s reputation could be the main casualty.
- Damages trust: Data is the engine that drives the digital economy forward. Thousands of pieces of data are exchanged every day between customers and companies, an activity that is undergirded by a substantial degree of trust. When your organization is the subject of a ransomware infection, customers might see you as careless with their personal information. That can cause permanent damage to their trust in you.
- Disrupts your organization: Ransomware attacks are serious, and executive teams are sometimes forced to dole out punishments to help heal the brand’s image. Oftentimes, that means senior-level personnel who bore some responsibility for failing to prevent the attack are asked to step down or leave. Loss of revenue could also force executives to terminate junior-level staff.
- Forces permanent closure: In a worst-case scenario, ransomware attacks are sometimes so financially damaging that organizations are forced to close their doors permanently. While these instances are somewhat rare, a report from Atlas VPN did find that 31% of U.S. companies end up going out of business after a ransomware attack.
How can you protect yourself from a ransomware attack?
Here are the recommended actions you need to take before, during and after an attack to protect your organization.
1. Monitor and identify
Hackers’ capabilities are constantly evolving, and that means you need a program in place that helps you monitor and identify vulnerabilities in your own assets, along with a disciplined patching program to reduce the attack surface. It is also important to track the latest developments in ransomware campaigns. This threat intelligence helps you better understand the capabilities of malicious actors so you can better plan and prioritize assets that need to be patched.
2. Detect and contain
Even the best security systems are unable to stop all attacks, so it’s critical that you have a way to recognize indicators of compromise (IOCs) once a cyber criminal has penetrated your networks. Specifically, it’s important to establish a robust monitoring system to continuously analyze log data from across your applications and systems. This helps you identify attacks as soon as they begin, so you can take immediate action.
Once a ransomware threat has been identified, your critical infrastructure needs to be properly equipped to limit the spread of the attack, localizing it and preventing it from gaining access to system files in other parts of your organization. Collecting threat data not only helps you mitigate the damage caused by the current threat, it also helps you learn more about the latest ransomware trends and better plan for future attacks.
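As an added illustration of the log monitoring described above (not code from the original article), this Python sketch flags a Remote Desktop logon that succeeds shortly after a burst of failed attempts from the same source, which ties the RDP vector listed earlier to a concrete indicator. The comma-separated log format, the sample records, the window and the threshold are constructed assumptions; 4625 and 4624 are the Windows Security event IDs for failed and successful logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2021-06-01T02:10:01,4625,10,203.0.113.7,administrator
2021-06-01T02:10:09,4625,10,203.0.113.7,admin
2021-06-01T02:10:15,4625,10,203.0.113.7,backup
2021-06-01T02:10:22,4625,10,203.0.113.7,svc_sql
2021-06-01T02:10:30,4625,10,203.0.113.7,jsmith
2021-06-01T02:10:41,4624,10,203.0.113.7,jsmith
2021-06-01T08:59:12,4625,10,198.51.100.20,mlee
2021-06-01T08:59:40,4624,10,198.51.100.20,mlee
2021-06-01T09:03:00,4624,2,-,operator
"""

WINDOW = timedelta(minutes=5)   # look-back period for failures (assumed value)
THRESHOLD = 5                   # failures that make a later success suspicious (assumed)


def detect_rdp_bruteforce(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for RDP logons that succeed right after a burst of failures."""
    failures = defaultdict(deque)   # source IP -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, src, account = line.strip().split(",")
        if logon_type != "10":      # only RDP (RemoteInteractive) sessions
            continue
        when = datetime.fromisoformat(ts)
        recent = failures[src]
        # Drop failures that have aged out of the window.
        while recent and when - recent[0] > window:
            recent.popleft()
        if event_id == "4625":
            recent.append(when)
        elif event_id == "4624" and len(recent) >= threshold:
            alerts.append({"time": ts, "source": src, "account": account,
                           "failed_attempts": len(recent)})
            recent.clear()          # one alert per burst
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_LOG):
        print("ALERT: RDP logon after repeated failures:", alert)
```

With Network Level Authentication enabled, failed RDP attempts are often recorded as logon type 3 rather than 10, so adjust the filter to match what your hosts actually log.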
3. Respond and mitigate
You need to carry out a full assessment of the attack to better understand its modes of operation. Which hosts were infected, how the attack happened and the degree of damage sustained are all key points of information your organization needs to gather.
Once this information has been gained and analyzed, you can harden other targeted assets. Any remedial action should involve multiple teams, partners and users from throughout your organization, ensuring that every stakeholder affected by the attack is able to provide input on updating your response plan/strategy.
Should you pay the ransom?
Law enforcement officials at the FBI urge organizations not to pay the ransom in exchange for the decryption key. Paying the hacker encourages future attacks against other people and organizations, and it won’t guarantee that you regain access to your data.
How to prevent ransomware attacks
One of the simplest yet most important measures you can take to prevent ransomware attacks is to properly instill best practices in your employees. In fact, CISO MAG found that 88% of security breaches were the result of human error. Train employees in recognizing and reporting any online activity that looks suspicious (particularly suspicious emails). Employees should know not to give personal information away on the internet unless they are certain they can completely trust the source they’re sharing it with.
While this isn’t exactly a way to prevent a cyberattack, it’s important to have data backups stored in a secure, off-site backup facility. Backups provide a safety recourse in the event of a security breach, helping you restore any data that’s lost to attackers.
A hacker can gain access to IT assets that have not been properly disposed of at the end of their lifecycle. If you’re replacing legacy components with new hardware or software, it’s critical that you destroy all stored data and work with a licensed third party to properly retire existing products.
Attackers are constantly developing their hacking capabilities, and that means they can identify new security vulnerabilities your current firewall may not be equipped to handle. The right security software will inspect your entire IT network infrastructure to identify any possible security vulnerabilities, giving you the information you need to patch those weak points. You need to constantly update your security software to be better prepared against emerging threats.
Partnering with the right cybersecurity professionals
Cybersecurity incidents are on the rise, and it’s critical that your systems, networks, and processes are properly secured to ensure long-term growth and stability. That starts with having the right cybersecurity professionals on your side.
Our team of white-glove security experts makes cybersecurity easy and effective. They work with you to gain an intimate understanding of your business and security needs to provide you with the tools, knowledge and expertise to protect your organization’s precious data 24/7. All of this helps us develop an effective rapid response plan in the event of an attack.