Ransomware & Why You Should Care

Ransomware has been the talk of the town for the last year, and that likely won’t end soon. These attacks jumped 485% in 2020. If you’ve waited in a long line for gas on the East Coast or tried to purchase beef at the grocery store in recent weeks, you and your wallet have felt the effects of ransomware.

 

Recent high-profile attacks on US critical infrastructure have put the spotlight on ransomware, but the problem has been growing for the last year. The risks are significant– 60 percent of small businesses close after an unsuccessful recovery from data loss and the average cost of downtime is $5,600 per minute. If you’ve seen phishing emails in your inbox, then attackers have already tried to target you.

 

Preventative strategies are the best way to ensure that your organization does not become a victim in the next attack. Below is our full guide to everything you need to know about ransomware– what it is, why you should care, and how you can protect your organization.

 

1. What is ransomware?

Ransomware is malware that locks an organizations’ systems. The attackers then demand a ransom. Often the ransom is requested in the form of cryptocurrency.

 

2. How do attackers get access?

Most commonly, cybercriminals gain access through phishing emails that contain attachments or links for users to click on. They can also launch brute force attacks. During these attacks, they guess access credentials until they get a password right.

 

3. Who do they target?

Anyone can be a target of a ransomware attack, but organizations that are most likely to pay the ransom quickly are the most likely to be victims. Healthcare institutions, for example, are often targeted because downtime endangers patients. Additionally, organizations or institutions that are vulnerable to an attack are common targets. These are often government systems or critical infrastructure, as we’ve seen in recent months with attacks on the Colonial Pipeline and JBS USA Holdings.

 

4. What happens during a ransomware attack?

  1. First, attackers have to gain access to your network. They often gain access when an employee clicks on a link or attachment in a phishing email.
  2. Once an employee clicks the link or attachment, the malware enters the victim’s system and begins locking files. In many cases, they will also attack backup files to ensure that an organization has no alternative way of regaining access to their system.
  3. The next phase of the attack encrypts all data, restricting user access to company systems.
  4. Then, the attackers will notify the user of the attack and provide instructions to regain access. This will include the proposed ransom, how to pay it, and the timeframe for payment.

 

5. Why do cybercriminals use ransomware?

Ransomware is the most lucrative cyberattack that one can carry out. The model for an attack is extremely repeatable and is designed as a mass attack, targeting thousands of users at once with phishing emails and making it more likely that someone will fall for the scam. Additionally, Bitcoin makes it easy for criminals to collect ransoms without being tracked. The combination of a high return on investment, low effort to carry out an attack, and a smaller risk of being caught have contributed to the widespread use of ransomware.

 

6. Why has there been such a large increase in attacks?

In the last year, the digital landscape has changed tremendously, opening up our world to new vulnerabilities that attackers have taken advantage of. Once COVID hit, there was a massive global shift to remote work that increased vulnerability due to unsecured remote systems.

 

Additionally, there is a growing ransomware trend amongst cybercriminals that makes it easier to carry out attacks. Ransomware-as-a-services is a business model that is gaining popularity amongst criminal groups because of its scalability. These groups make the malware and provide it to affiliates to use, often for a cut of the ransom payment. This model makes ransomware more accessible to those who may not know how to carry out an attack on their own.

 

7. How can I protect my company from these attacks?

There are a few key strategies that organizations can employ to prepare and protect against ransomware attacks:

  1. Provide basic cybersecurity education for employees. Education sessions may go over password security, how to spot a phishing email and company-wide security protocols.
  2. Require the use of multi-factor authentication when employees log into company systems.
  3. Ensure that cybersecurity is prioritized at every level of your organization.
  4. Regularly complete software updates and patching to ensure that the most up-to-date versions are installed.
  5. Create a business continuity and disaster recovery plan to ensure that organizational data is prepared for the worst, your disaster recovery plan is regularly tested, and there is a clear step-by-step strategy if a crisis arises.

 

8. How can I create a strong business continuity strategy?

A strong business continuity strategy will help your organization minimize data loss, enable 24/7 remote employee access to systems, and avoid costly disruptions. Creating a strategy that meets each of these goals requires the work of an experienced solution architect. Many customers come to us to make this happen. Our team of solution architects have experience with on-premises and cloud environments, and we have worked with hundreds of customers to develop a cost-effective, efficient business continuity strategy. When we develop a customer’s strategy, we discuss these key factors:

  1. Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
  2. Communication channels with all teams responsible for DR​​
  3. Incident response procedure​​
  4. Action response procedure and verification process​​
  5. How and when to complete testing

 

Once we’ve established a customer’s needs in these areas, we provide a DR Run Book that includes detailed instructions for a disaster recovery scenario. Some customers also sign up for our DR-as-a-Service offering to ensure that they have 24/7 coverage from our team in a crisis.

 

The risk of disruptions from ransomware, natural disasters, human error, and more is inevitable. You have the power to reduce your vulnerability by thinking of data loss as a “when,” not an “if” scenario. We can help you get started – contact our team to schedule an assessment!