Ransomware is a type of malware that blocks access to a victim’s data until a ransom is paid. The ransom demand comes with a deadline, and the attacker may threaten to publish or permanently block the data if the deadline isn’t met. This article will explain how ransomware attacks typically work, their financial impact, and steps your business can take to mitigate risk.
How a ransomware attack works
The two most prevalent types of ransomware are locker ransomware and crypto ransomware. Locker ransomware blocks device access using a lock screen, which blocks user input. Crypto ransomware, on the other hand, encrypts data on a system, which makes the drive's contents useless without the decryption key.
Ransomware infections typically start with phishing emails. When an unsuspecting user clicks a malicious URL or opens a malicious attachment, a ransomware agent is installed and starts to encrypt files on the device and attached file shares. After the attack, victims are typically notified with an on-screen message to pay the ransom, usually in a cryptocurrency such as Bitcoin.
If the ransom is paid, the file decryption key becomes accessible. However, decryption is not guaranteed, as there have been cases where victims never receive the keys. Additionally, even if the ransom is paid and the data is released, some attackers leave behind backdoors for persistent access to the compromised network.
Financial implications of ransomware attacks on businesses
While ransomware attacks originally focused on personal computers, businesses of all sizes have been increasingly targeted. According to a survey conducted in 2020 by Sophos, the average cost to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, etc.) is $732,520 for organizations that don’t pay the ransom, rising to $1,448,458 for organizations that do pay. Globally, the monetary losses due to ransomware and other cybercrimes in 2020 are estimated to be approximately $945 billion, according to a report by CSIS and McAfee.
The best defense is a good offense
Considering the hefty costs associated with recovering from ransomware attacks, it’s far more cost-effective to develop a multi-layered security strategy. Here are some ways of improving your business’s resilience to ransomware attacks:
Routine security risk assessments – Understanding potential security threats and the impact they may have helps to build a security strategy that suits your business.
Keep operating systems and software up to date – Since many ransomware attacks use unpatched vulnerabilities to gain access, keeping software across your network up to date removes a common attack vector.
Back up your data and devices – Recent backups are key for remediation of ransomware attacks. It’s also important to protect these backups so they are not also encrypted or deleted by the attacker.
Protect your network and devices – Utilize firewalls and endpoint protection to monitor network traffic and detect attempted and active attacks. Remote/home access to business applications should be encrypted using SSL or VPNs. Implement a password policy that requires strong passwords and multi-factor authentication.
Develop a business continuity plan – It’s important to know ahead of time what to do when an event occurs that disrupts business, whether it’s natural, man-made, or a ransomware attack. A working business continuity plan/disaster recovery plan is essential to resuming business as quickly as possible.
Employee training – Educate your employees with ongoing cybersecurity training. This includes not only information about emerging threats, but also security best practices.
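For the backup item above, one way to check that backups are still recent and have not been encrypted or deleted is to compare them against a hash manifest kept on a separate system. The script below is an added example, not part of the original article; the function names, file names, and one-day age limit are assumptions, and the sample backup set is constructed for the demonstration.

```python
import hashlib, os, tempfile, time
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(backup_dir, now=None):
    """Hash every file in the backup set. Store the result off the backup host."""
    root = Path(backup_dir)
    files = {p.relative_to(root).as_posix(): sha256_file(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    return {"created": time.time() if now is None else now, "files": files}

def audit_backup(backup_dir, manifest, max_age_days=1, now=None):
    """Compare the backup set with its trusted manifest and report problems."""
    now = time.time() if now is None else now
    known, current = manifest["files"], build_manifest(backup_dir)["files"]
    return {
        "missing": sorted(set(known) - set(current)),      # deleted or renamed
        "modified": sorted(n for n in known                 # overwritten or encrypted
                           if n in current and current[n] != known[n]),
        "unexpected": sorted(set(current) - set(known)),   # names never backed up
        "stale": now - manifest["created"] > max_age_days * 86400,
    }

def demo():
    """Constructed sample: a three-file backup set that is then tampered with."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "db").mkdir()
        (root / "db" / "customers.sql").write_text("INSERT INTO customers VALUES (1);")
        (root / "payroll.csv").write_text("id,amount\n1,100\n")
        (root / "site.tar").write_bytes(b"constructed archive bytes")
        manifest = build_manifest(root, now=0)                    # manifest taken at t=0
        (root / "payroll.csv").unlink()                           # a backup file is deleted
        (root / "site.tar").write_bytes(os.urandom(64))           # a backup file is overwritten
        (root / "HOW_TO_RESTORE.txt").write_text("constructed")   # an unknown file appears
        return audit_backup(root, manifest, max_age_days=1, now=3 * 86400)

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Any non-empty list or a stale flag means the backup set should not be trusted for recovery until it has been investigated.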
While there is no way to guarantee immunity from ransomware, developing a solid security strategy can help mitigate risk and reduce downtime in the event of an attack. Contact us today to learn more about our security, backup, and business continuity solutions.