It’s no secret that cybercrime has risen in recent years, especially when it comes to ransomware. Almost every quarter, we’re seeing stories in the news where companies had to pay millions of dollars to get access back to their data or systems.
Ransomware attacks are happening and they are impacting businesses on a global level. While we tend to hear about the big attacks, ransomware attacks can happen to businesses of ALL shapes and sizes and it’s imperative to take measures so you’re protected. Experts estimate that a ransomware attack will occur every 11 seconds in 2021, which includes small- and medium-sized businesses. Do you know how to help protect your business and educate your employees on how to be vigilant?
What is Ransomware and Why Does It Matter
To really understand how to protect ourselves, we first have to understand what ransomware is.
Ransomware is a type of malicious software that encrypts your computer and files so that you can’t access them unless you have a key to encrypt those files. It can also span your entire network and potentially infect all of the computers around you, including servers, computer systems, etc. Hackers behind the attack will demand a ransom, which typically includes a deadline, to provide you with the key to access your system.
In other words, hackers hack into your system, install the malicious software, lock you out, and demand that you pay to get back in.
Everyone is susceptible to ransomware attacks, regardless of the type or size of your business. No one is immune! Varonis collected a variety of ransomware statistics and facts that shed some light on the current landscape:
- Since 2016 over 4,000 ransomware attacks have occurred daily in the US
- Malicious emails are up 600% due to COVID
- The average ransom fee requested has increased from $5,000 in 2018 to $200,000 in 2020
- Experts estimate that a ransomware attack will occur every 11 seconds in 2021
- About 1 in 6,000 emails contain suspicious URLs, including ransomware
- Average downtime is 21 days after a ransomware attack
- 71% of those who are affected by ransomware have been infected. Half of the ransomware attacks that are successful infect at least 20 computers in the organization
- 42% of companies with cyber-insurance in place indicated that insurance only covered a small part of damages resulting from a ransomware attack
Ransomware attacks aren’t going away any time soon. Knowing about ransomware matters because everyone is susceptible to them. In a report released from Datto, 1 in 5 small- to – medium-sized businesses fall victim to a ransomware attack at an average request ransom of $5900. Their research also showed that “the average ransom demand is $5,900 [for SMBs] compared to the average cost of downtime coming in at a staggering $141,000.”
How Ransomware Attacks Happen
Now that you know exactly what ransomware is, let’s talk about how it happens.
Ransomware attacks can happen in a variety of ways. Some of the most common ways include:
- Phishing emails: a hacker sends out an email to a company that includes a malicious link. Someone could click on the link and download something onto their computer, allowing hackers to get into your system.
- Trojans: Trojans can act as update requests (e.g., anti-virus programs, Windows system updates, false “you’ve got a virus” notifications) prompting someone to download malicious software.
- Security vulnerabilities: Hackers can gain access by exploiting known network or security software vulnerabilities.
- Public Wi-Fi access or Internet cafe: one of the most common ways hackers can gain access is if someone uses public Wi-Fi or an internet cafe. Never ever use public Wi-Fi for online banking or any other confidential activity. Always connect to your hotspot or a secure network to do so.
Hackers also go after big vulnerable targets to get access to your system:
- OS disks
- Local disks
- Connected devices (e.g., USB, backup disk)
- Mapped network drives (e.g., NAS, file servers)
- Other accessible folders/shared local network
It’s imperative that your IT team knows how to secure your network to reduce the risk, but your biggest vulnerability is still the human element: your employees.
Why Companies Pay the Ransom and What Happens if They Don’t
Why do companies tend to pay the ransom? Well, it’s because they really don’t have a choice.
If backups failed or were lost, the only way to get back everything is to pay the ransom. This is why it’s so incredibly important to have backups and test that they’re working correctly on a regular basis. Work with your IT team to ensure backup testing is part of your standard operating procedure!
Companies also pay because history shows that it’s in their favor to do so. Statistics from Proofpoint show that about 70% who do pay the ransom do get back their data, about 20% encounter a second round of requests for payment, and about 10% don’t get their data back. While there is a risk you won’t get anything back after you pay the money, the ransom is typically far less than the amount of project lost revenue if you do get access back.
There have been examples where organizations have refused to pay and it was costly. For example, the City of Baltimore refused to pay a ransomware demand of $76,000 then spent an estimated $18M in remediation, new hardware, and lost/deferred revenue. The shipping giant Maersk reported an estimated $300M in losses after being hit with NotPetya attack. The attack affected 50,000 endpoints across 600 locations in 130 countries and interrupted operations for 10 days while they completely rebuilt their IT infrastructure.
Many hackers require cryptocurrency payment (e.g., Bitcoins), which makes it difficult to track and, therefore, prosecute. It could mean that they can come back and hack you all over again. Regardless, experts still recommend you pay to avoid the outrageous cost of rebuilding.
How to Protect Your Business from Ransomware Attacks
What’s the best way to prevent ransomware attacks? The answer is quite simple: company-wide education.
Your employees are the first line of defense. It’s important to instill email and website suspicion into your employees and teach staff NOT to click on any links or files unrelated to work. Inform them of the possible consequences of these actions. You can also test and educate by sending a false email with a traceable link to see who’s clicking and who’s not. (This is also something we can do for you!)
While there is only so much you can do from the technology perspective (which your IT team should already be doing), the best ways to protect your organization on the technical side include:
- Backups: Confirm backup routines are actively deployed and can be effectively restored. Backups could save you a ton of headache and money!
- Anti-virus programs: Scan both inbound and outbound emails regularly. Authenticate inbound emails with tools like Barracuda spam filtering.
- Firewalls and network access control: Block access to known malicious IP addresses. Provide concise configurations for access to files, directories, and networks. Update software and operating systems with the latest patches. Require two-factor authentication (2FA) for any/all remote access. Use content filtering.
- Group policy updates: Disable control panel and command line. Disallow removable media drives, DVDs, and CDs. Restrict software installations unless approved by management. Implement password complexity settings and disable guest accounts.
At the end of the day, hackers know that the best way for them to get into your system is through human error, especially through phishing attempts. If your employees don’t know what to look out for, they will likely be susceptible to attacks.
It’s vital that your employees have a good understanding of the risks and dangers of ransomware. Exact IT has the expertise and the experience to teach your organization what they need to know to safeguard your data. We’ll design customized training that fits the needs of your organization and staff members.
Participants in the training will learn:
- What ransomware is and how it works
- Ransomware prevention methods
- How to spot malicious links and phishing attempts
- Protecting your PC from other malware
You can’t deter every possible cybersecurity risk to your organization, but a crucial step to protecting your business is to educate your staff.