Ransomware is becoming an increasingly significant threat to businesses all over the world. Companies face a constant barrage of cyberthreats, from brute force attacks to phishing campaigns. Ransomware strikes a special kind of fear into the hearts of business owners, leaving them vulnerable on a variety of different levels, from the financial repercussions of losing critical data, to reputational damage and loss of trust among customers.
Ransomware can affect any type of organization, large or small, with cybercriminals executing sophisticated techniques to target not only businesses but also government agencies, nonprofit entities, and, astonishingly, educational facilities and even hospitals and healthcare providers.
An attack typically begins with an assailant gaining access to an internal computer network via a phishing email or other type of compromise. Cybercriminals analyze internal systems to identify assets and vulnerabilities. They then mount an attack, infecting and encrypting files, rendering them inaccessible to the victim.
Revealing compromised data
Finally, cybercriminals reach out to the victim, blackmailing them, demanding payment of a fee for release of the data. Nevertheless, even if payment is promptly made, the threat to the organization does not stop there. The hacker may simply fail to make good on their assurances or, increasingly, punish and humiliate the victim by publicly revealing compromised data.
According to cybersecurity analyst Mohsin Khan Mahadik, it is incredibly difficult to assess how widespread a problem ransomware really is, since many incidents go unreported, with victimized organizations reluctant to go public for fear of losing business. In many cases, victims pay off their attackers without reporting the incident. According to data from Statista, there were 187.9 million attacks in 2019 alone, although experts believe the figure could actually be much higher.
In 2017, the WannaCry ransomware attack targeted computers running Microsoft Windows all over the world. Cybercriminals encrypted data, demanding payment in Bitcoin for release. The incident involved more than 200,000 victims worldwide, infecting over 300,000 computers. The attack is believed to have originated in North Korea, with the Lazarus Group the prime suspects; it infected computers in more than 150 countries, culminating in global economic losses estimated at $4 billion.
Cybercriminals are growing increasingly sophisticated
As cybercriminals grow increasingly sophisticated, the problem is becoming more difficult to prevent. For companies that fall prey to these monetized cyberattacks, the impact can be devastating, literally paralyzing business operations. It is therefore vital for business leaders to be savvy about preventing and defending against such attacks, recognizing that all businesses are vulnerable.
With 15 years’ experience in cybersecurity at a Fortune 100 company, Tim Bandos is Digital Guardian’s director of cybersecurity. He explains that every week, a barrage of new ransomware attacks hits the headlines, targeting businesses, organizations, and even hospitals and demanding that they pay a ransom to regain access to their data. As he points out, a victim’s first question is often “Could we have prevented this?” Bandos says there are multiple steps enterprises can take to protect themselves against malware, explaining that a layered approach is always the most appropriate.
Bandos advocates for installing anti-virus software across all endpoints within a business, ensuring that it is kept up to date. Although new variants are constantly being developed, anti-virus software is an important line of defense. He recommends using a multi-faceted cybersecurity solution armed with additional protective technologies, such as firewalls, heuristics, and behavioral-based threat protection.
Implementing security awareness campaigns
The second step is to implement security awareness campaigns among staff, ensuring that employees know the dangers of clicking on links in emails. Regularly backing up data, be it to a local storage device or to a cloud provider, can protect against data loss, but it is vital to remove the external storage device once the backup is complete to avoid ransomware infecting that, too.
GPO restrictions can be used to prevent ransomware and other forms of malware from installing. Patching third-party software such as Flash, Adobe, and Java—all common access points for cybercriminals—undoubtedly prevents many attacks. Finally, restricting the administrative rights of endpoint users can also be incredibly effective in terms of reducing vulnerabilities.
With Covid-19 triggering a global transition to remote work, many employees continue to stay connected from their home offices. It is critical for IT departments to cover all the bases, fortifying the entire network. Periodically conducting phishing tests can help identify areas where further training is needed. It is also vital for systems to require strong passwords and multifactor authentication when users log on to the business network.
Countering ransomware attacks
In the United States today, government agencies like the Department of Homeland Security are focusing heavily on countering ransomware attacks. The Cybersecurity and Infrastructure Security Agency has developed a useful Ransomware Guide, helping business owners to develop an action plan to mitigate risk and respond to incidents. Ransomware creates a national security risk and economic threat, targeting enterprises of all sizes. As the Department of Homeland Security continues to prioritize anti-ransomware initiatives, it is vital that businesses of all sizes play a part in countering this multibillion-dollar problem, educating and informing staff at all levels of an organization to protect them from attacks.