Ransomware has been a popular term among data security experts for many years, but recently it has become more prevalent on the nightly news and among the public.
The Cost of Ransomware
It’s no surprise. The number of ransomware attacks has dramatically risen in the last five years, and it’s only getting worse. The number of attacks increased more than 90 percent in 2017 and businesses are frequently becoming targets, says the latest Small Business Snapshot report.
Some of the biggest ransomware attacks have come in the last couple of years. The attack on the city of Atlanta in 2017, which cost about $2.6 million to mitigate, crippled an entire community for months. Years of crucial data, like police dash camera footage, were lost.
Another attack, named “WannaCry,” attacked businesses all over the world in 2017, with the costs reaching up to $4 billion, according to some estimates.
It’s clear that ransomware attacks can create huge problems for companies, not only in terms of data and compliance, but also financially, as an attack can halt business for days, weeks and months.
How Does Ransomware Work?
Ransomware is exactly what it sounds like. It’s malicious software that threatens to publish or block access to the victim’s data unless a ransom is paid.
The malware usually arrives in the form of a Trojan, meaning it is disguised as a legitimate file or folder. That file can be sent via email, called phishing, or found online. More sophisticated ransomware attacks, like the “WannaCry” attack, actually travel through systems without user interaction.
If one user in a network clicks on a faulty link or file, some ransomware has additional payloads that allow it to be distributed across the network. That way if one machine is compromised, it reaches out to other machines on the network.
The rise of these ransomware attacks can be attributed to many factors, one being that they serve as a source of revenue for hackers. Two big ransomware organizations, CryptoLocker and CryptoWall, were estimated to have made well over $1 million by the time they were taken down by authorities.
The rise of cryptocurrency has also been a big factor in the increase of attacks. Cryptocurrency, like bitcoin, is difficult to trace. This allows attackers to make a profit without facing major repercussions.
When an attack happens, some companies will pay the ransom because the ransom would be less than the cost of lost business. Paying ransom goes against law enforcement recommendations. For the “WannaCry” breach, hackers demanded $300 from each attack, while the cost of lost business ran up into the millions of dollars.
As we’ve talked about in previous blogs, having an incident response plan is crucial. Many companies haven’t thought out a plan with a ransomware attack response. A plan will give your business steps to take in the case a breach happens.
If your business is breached:
- Make sure to contain the damage first
- Identify the threat and start the recovery process
- If it’s damaging enough that you are considering paying the ransom, contact the authorities. They may be able to offer advice. It can be a tricky situation, so having outside help is important.
Ransomware Protection: How to Prevent and Mitigate Damage
To stop these attacks before they happen:
- Always make sure to update your systems. Ransomware is constantly evolving, and these updates can prevent a breach before it happens.
- Back up all of your systems consistently and reliably to limit an attack’s damage. Having a backup of all of your data can mitigate the effects of the attack. Make sure that all your computers are fitted with updated virus and malware protection software. These programs are made to stop or prevent ransomware attacks.
As ransomware attacks become worse, creating a plan and having systems in place to mitigate any potential damage can make sure your business comes off relatively unscathed in the event of an attack.
With over 20 years of experience in information technology, Jake has a tremendous amount of knowledge around information security, risk management, and business continuity. He has worked directly with organizations across many verticals to advise their team on compliance auditability, cybersecurity threats and prevention, security controls & policies, and risk assessment.