By Ron Benvenisti.
Recently, I have received several calls from Lakewood and New York companies that have been hit by ransomware. I thought I would reiterate some of the things a business can do to avoid getting zapped in the first place.
Cybercriminals use ransomware to stop users from accessing their systems or files. They then threaten to leak, destroy or withhold sensitive information unless a ransom is paid.
Ransomware attacks can target either the data held on computer systems or the devices themselves. Once the ransom is paid, the crooks may provide the victims with a decryption key or some software tool to unlock the encrypted data or device, but this is not guaranteed.
So, here’s some advice on how ransomware works, the damage it can cause, and how your business can prevent ransomware attacks from occurring.
There Are Three Key Elements to A Ransomware Attack:
In order to deploy malware to encrypt files and gain control, cybercriminals need to initially gain access to an organization’s systems.
2. The Trigger
The attackers have control of the data as soon as the malicious software is activated. The data is encrypted and no longer accessible by the targeted organization.
3. The Demand
The victims will receive an alert that their data is encrypted and cannot be accessed until a ransom is paid.
The motives of cybercriminals deploying malware may vary but the end goal is typically that of financial gain.
4. The Cost
The average pay-out from ransomware attacks has risen from $312,000/£260,000 in 2020 to $570,000/£476,000 in 2021 – an increase of 83%. One report also showed that 66% of organizations surveyed were victims of ransomware attacks in 2021, nearly double that of 2020 (37%). Businesses clearly need to understand the risks and put stronger defenses in place to combat the threats.
Ransomware ranks amongst the most common cyberattacks in 2022. It doesn’t take much talent or expense to pull off. The low level of effort required from the perpetrators yields an incredibly large return on investment. Ransomware attacks cause an average downtime of 3 weeks and can have major repercussions for an organization’s finances, operations and reputation.
5. No Guarantees
There is no guarantee that data will be recovered after a ransom is paid. It is crucial to keep offline backups of your files as well as to proactively monitor and protect entry points that a hacker may exploit, to reduce the possibility of being targeted in the first place.
6. Who Is a Target
Cybercriminals typically target high-profile organizations, large corporations and Government agencies with ransomware. This is known as ‘big game hunting’ and works on the premise that these companies are far more likely to pay higher ransoms and avoid unwanted scrutiny from the media and public. Certain organizations, such as hospitals, are higher-value targets because they are far more likely to pay a ransom and to do so quickly because they need access to important data urgently.
7. Small Target = Easy Bull’s-eye
Ransomware groups are now focusing on smaller businesses, in response to increased pressure from law enforcement. Smaller companies are seen as easy targets because they are more likely to lack effective cybersecurity defenses to prevent a ransomware attack, making it easier to penetrate and exploit them.
Ransomware crooks are opportunists and will consider most organizations as targets, regardless of their size. If a cybercriminal notices a vulnerability, the company is fair game.
How Do You Get Ransomware?
1. Phishing Attacks
Phishing is a form of social engineering and is an effective method of attack as it relies on deceit and creating a sense of urgency. Threat actors trick employees into opening suspicious attachments in emails and this is often achieved by imitating either senior-level employees or other trusted figures of authority.
2. Malicious Advertising
Malicious advertising is another tactic used by cybercriminals to deploy ransomware: ad space is purchased and infected with malware, which is then displayed on trusted and legitimate websites. Once the ad is clicked, or in some cases as soon as a user visits a website that is hosting malware, the device is infected by malware that scans it for vulnerabilities to exploit.
3. Exploiting Vulnerable Systems
Ransomware takes advantage of neglected, unpatched and outdated systems. In 2017, a security vulnerability in Microsoft Windows led to the global WannaCry ransomware attack that spread to over 150 countries.
It was the biggest cyberattack to hit the British National Healthcare System, costing $112M in damages plus the added costs of IT support restoring data and systems affected by the attack, and it directly impacted patient care through cancelled appointments.
The Four Keys to Defend Your Business
Businesses must first be aware of how a ransomware attack may affect their organization. They can prevent cybercriminals from breaching their systems and holding sensitive data to ransom by following basic cybersecurity best practices. Up to 61% of organizations with security teams consisting of 11–25 employees are most concerned about ransomware attacks.
Oftentimes, ransomware attacks could be prevented simply by heeding manufacturers’ warnings and migrating away from outdated software. This is basic best practice to strengthen security posture.
Your business must take a proactive approach to cybersecurity by implementing the correct tools to help monitor, detect, and mitigate suspicious activity across your network and infrastructure. This will reduce the number and impact of data breaches and cyberattacks. Many of these tools are free and effective.
Four Steps to Stay One Step Ahead:
1. Training
Cybersecurity awareness training is pivotal for businesses of all sizes as it helps employees to spot potentially malicious emails or activity.
Social engineering tactics, such as phishing and tailgating, are common and successful due to human error and employees not spotting the risks. It’s vital for employees to be vigilant around emails that contain suspicious links or contain unusual requests to share personal data, often sent by someone pretending to be a senior-level employee.
Security training also encourages employees to query visitors to your offices to prevent ransomware attacks via physical intrusion.
Implementing cybersecurity awareness training will help your business routinely educate and assess your employees on fundamental security practices, ultimately creating a security culture to reduce the risk of data breaches and security incidents.
2. Phishing Simulators
These simulator tools support your security awareness training by delivering fake but realistic phishing emails to employees. Understanding how prone your staff are to falling for a real cybercriminal’s tactics allows you to fill gaps in their training.
When you combine phishing simulators with security training, your organization can lessen the chance of falling victim to a ransomware attack. The combination of training and testing puts you in a better position to prevent the cunning attempts of cybercriminals to infiltrate your IT systems and plant malware.
3. Threat Monitoring
You can make your business less of a target for cybercriminals by actively monitoring potential threats. Threat Intelligence is a threat monitoring tool that collates data from various sources, such as penetration tests and vulnerability scans, and uses this information to help you defend against potential malware and ransomware attacks. This overview of your threat landscape shows which areas are most at risk of a cyberattack or a data breach.
Being proactive ensures you stay one step ahead of hackers, and by introducing threat monitoring tools to your organization, you ensure any suspicious behavior is detected early for remediation.
4. Endpoint Protection
Endpoint protection is key to understanding which of your assets are vulnerable, to help protect them and repel malware attacks like ransomware. More than just your typical antivirus software, endpoint protection offers advanced security features that protect your network, and the devices on it, against threats such as malware and phishing campaigns.
Anti-ransomware capabilities should be included in endpoint protection so it can effectively prevent attacks by monitoring suspicious behavior such as file changes and file encryption. The ability to isolate or quarantine any affected devices can also be a very useful feature for stopping the spread of malware.
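The behavior monitoring described above, sketched as an added example (not from the original article or from any endpoint product): it scores each file rewrite by Shannon entropy and flags a burst of rewrites that turn readable documents into near-random bytes. The thresholds, the event format and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain documents sit well below 6, ciphertext close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(before: bytes, after: bytes, high=7.5, jump=1.5) -> bool:
    """Suspicious only if content became near-random AND was not near-random before."""
    e0, e1 = shannon_entropy(before), shannon_entropy(after)
    return e1 >= high and (e1 - e0) >= jump

def detect_burst(events, min_files=3, window=10.0):
    """events: (timestamp, path, before, after) tuples. Returns the paths in the
    first burst of >= min_files suspicious rewrites within `window` seconds, else []."""
    hits = sorted((t, p) for t, p, b, a in events if looks_encrypted(b, a))
    for i in range(len(hits)):
        burst = [p for t, p in hits[i:] if t - hits[i][0] <= window]
        if len(burst) >= min_files:
            return burst
    return []

def pseudo_ciphertext(seed: bytes, blocks=128) -> bytes:
    # Constructed stand-in for encrypted content: concatenated SHA-256 digests.
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))

# Constructed sample events (assumed format, not taken from the article).
DOC = b"Invoice 1042: net 30 days, total due $1,250.00\n" * 50
ZIP_LIKE = pseudo_ciphertext(b"archive")  # compressed file: high entropy already
SAMPLE_EVENTS = [
    (0.0, "docs/q1.docx", DOC, DOC + b"edited by a user\n"),     # normal edit
    (1.0, "backup/old.zip", ZIP_LIKE, pseudo_ciphertext(b"z")),  # high -> high, ignored
    (2.0, "docs/a.xlsx", DOC, pseudo_ciphertext(b"a")),
    (2.4, "docs/b.xlsx", DOC, pseudo_ciphertext(b"b")),
    (3.1, "docs/c.pdf", DOC, pseudo_ciphertext(b"c")),
]

if __name__ == "__main__":
    print("isolate host, files hit:", detect_burst(SAMPLE_EVENTS))
```

Requiring an entropy jump as well as a high final value keeps already-compressed files such as archives and images from raising false alarms, and the returned path list is the kind of signal that would drive the isolate-or-quarantine step.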
With ransomware groups continually looking for vulnerabilities to exploit, it’s important that businesses develop robust strategies to prevent ransomware threats: ensure your staff takes regular security awareness training, set up threat monitoring tools to detect and alert you to vulnerabilities, and implement endpoint protection to protect your devices across your network.
Following the above guidelines will increase your chances of safeguarding your business against ransomware attacks that could cost your organization a substantial amount of money and reputational damage.