Ransomware attacks are on the rise. A ransomware attack, for those lucky enough to be unfamiliar with them, is a form of cyberattack in which the attacker attempts to extort money from a victim by threatening them with the loss of access to vital services. In some cases, this might mean threatening a website-crashing DDoS (Distributed Denial of Service) attack in the event that they do not pay up. More commonly, however, it refers to a type of malware-driven attack in which the victim is threatened with having their data published or permanently rendered inaccessible unless a ransom is paid.
These malware-based ransomware attacks may involve a vector such as phishing spam posing as a legitimate email attachment. In other cases, ransomware malware exploits security vulnerabilities with computer systems in order to install malicious files. Once these have been placed onto a computer, they rapidly encrypt valuable files, rendering them inaccessible.
Increasingly, ransomware attacks also send copies of certain files to the attacker, thereby giving them stolen data that they can leverage to bully targets into paying up. The only way users can gain access to their files or stop them being leaked online is to hand over money to the hackers, usually in the form of a cryptocurrency payment. That is, provided that the attacker is trustworthy enough to provide the decryption key and destroy any data they may have taken.
A major threat to organizations
As more people and organizations than ever rely on their computer systems, hackers have scaled up the number of ransomware attacks accordingly. The results can be devastating, particularly at a time when many businesses are already struggling to thrive (or even just survive) in the pandemic economy.
There are multiple costs associated with such attacks, not only including the ransom itself (if users elect to pay it, which is not advised), but also the cost of recovering their system or files, and the lost business caused by any downtime or the fallout of leaked data. According to one report published this year, the typical cost of addressing a ransomware attack — minus the ransom demand — is $730,000. In instances where the organizations paid the ransom, this cost rose to an average of $1.4 million. Upwards of one-quarter of organizations (27 per cent) targeted by ransomware attacks said that they had paid the ransom demanded of them.
It’s, therefore, no surprise to hear that ransomware attacks are one of the top insurance claims. According to figures from cyber-insurance provider Coalition, more than two-fifths of such insurance claims in North America (41 per cent) during the first half of 2020 were for ransomware attacks.
Ransomware attacks are getting smarter all the time. Alongside new techniques such as stealing data in addition to encrypting it, there are ever-growing numbers of ways to spread ransomware malware — from compromised websites to “malvertising” that exploits unpatched vulnerabilities in web browsers to the malicious use of messaging apps. In addition, attackers find fresh ways of getting around email spam filters and making messages appear legitimate, rather than mass mailings.
Protecting against ransomware
Protecting against ransomware attacks is one of the smartest moves organizations can make. Some basic best practice measures that can be implemented include ensuring that operating systems are kept updated and patched to protect against vulnerabilities, being careful about downloading and installing software (especially if it requests administrative privileges) and backing up files frequently. It’s also a good idea to ensure that you use different passwords wherever possible so that attackers cannot gain access to systems through credential stuffing attacks in which previously leaked passwords are reused to gain access to other services.
While these steps will not definitively stop ransomware attacks from happening, they will reduce the likelihood of such attacks being successful at disrupting work. Among the best and most comprehensive possible solutions is bringing in cybersecurity experts who can offer the proper endpoint protection solutions.
These endpoint protection platforms offer next-generation antivirus (NGAV) tools that can protect users against obfuscated ransomware, zero-day malware attacks with previously undisclosed signatures, and more. They can also offer firewalls and Endpoint Detection and Response (EDR) tools, which detects and immediately blocks attacks on endpoints the moment they arise.
Shut the barn door before the horse has bolted
Ransomware attacks have the potential to be incredibly destructive. Losing access to critical files and systems can be anything from incredibly frustrating to, in the event that a hospital or other healthcare facility is hit with a ransomware attack, possibly even life-threatening. Unfortunately, they’re not going away.
As computer systems are leaned on more heavily than ever, and giant networks allow malware to spread more rapidly, ransomware attacks will only become more prevalent. Fortunately, the tools are there to help users and organizations protect against them.
It’s important to act now. Don’t wait until you’re faced with such an attack to have to scramble and work out a solution.