Is Your Organization Protected Against a Ransomware Attack?
Cybercriminals are increasingly turning to ransomware to fund their criminal activities, and according to Forbes, these criminals are now more likely than ever to target small businesses. Though only the largest attacks make the news, cyberattacks, including ransomware, cost American companies millions of dollars each year, with the average attack in 2019 costing $13 million.
That sort of cost can easily cripple a small or medium-sized business, and according to the United States Cybersecurity and Infrastructure Security Agency (CISA), recovering data targeted by a ransomware attack can be challenging and may require the assistance of a cybersecurity expert.
What Exactly is Ransomware?
Ransomware is a form of malware (short for malicious software) that encrypts a victim’s files, holding them hostage until a ransom is paid. The ransom typically ranges from a few hundred dollars to a few thousand (depending on the criminal and the organization they are targeting), and most cybercriminals demand payment in cryptocurrencies such as Bitcoin.
Though ransomware has been around for decades, the invention of cryptocurrencies has made it easier than ever for cybercriminals to extort victims. The fact that cryptocurrencies don’t rely on central authorities such as banks also makes payments harder to trace, hindering law enforcement efforts to identify the individuals behind these attacks.
How Does Ransomware Target Systems?
Phishing is the most common delivery method for ransomware. This method involves trying to trick the user into clicking on a malicious link or opening a suspicious file, which then downloads the malware needed to encrypt files on that individual computer or the wider network.
Often, the only way to regain access to your files is to get the digital key required to unlock the file, which is held by the criminals and may be released to you once you pay the ransom. However, there is no guarantee the cybercriminals will honor their end of the agreement once you pay them.
Doxware is similar to ransomware, but instead of encrypting files, it involves threatening to release sensitive files unless the ransom is paid. As with other forms of ransomware, however, there is no guarantee the criminals won’t just release the sensitive files anyway, even if the ransom is paid.
What Should I do if my Device Becomes Infected?
The first thing you should do if your device becomes infected is disconnect the infected machine from the network (either by turning off your Wi-Fi or disconnecting your Ethernet cable) and turn the device off. You should also disconnect any external devices (such as USB drives or hard drives) that could also become infected.
The main concern after a device has been infected by ransomware is that the ransomware will spread to other devices and systems in your environment. A common tactic of ransomware authors is to spread laterally throughout your infrastructure and encrypt as many servers and files as possible to maximize the ransom. Therefore, much like a real-life virus scenario, it is critically important to isolate the malware, prevent its spread, and contain the outbreak.
Why Should I be Concerned?
As mentioned previously, ransomware can cripple an organization. Without access to critical files, business may grind to a halt. Even if the ransom is paid, and the encrypted files are released, a large organization may not be able to absorb the financial loss of the ransom funds.
A ransomware attack can also cost more than just money. Being unable to access critical files can impact employee productivity and result in a loss of business. IT and other employees may be pulled from their usual tasks to help address the attack, and not all data may be recoverable even if the ransom is paid.
Depending on how much publicity the attack receives, the victim organization may also suffer reputational damage, which could impact current client relations and make it more difficult to attract clients in the future.
What Can I do to Protect my Organization from a Ransomware Attack?
The best thing you can do to protect your organization is take preemptive measures. After all, the best cybersecurity defense is taking steps to avoid an incident in the first place.
To find out what steps you can take to safeguard your business’s digital assets, please read our blog post: Cyber Hygiene 101: Basic Steps to Keep Your Company Secure.