Hot Topic: Ransomware
Ransomware has become one of the most prolific attack types seen over the past year. This ever-increasing threat has the potential to cripple your organisation and have long-lasting consequences.
Ransomware attacks have increased by 103% in the past 12 months and has grown in popularity with cybercriminal groups as it has proven to be a lucrative revenue gathering mechanism to become a billion-dollar industry. Recent attacks have shown that ransomware is no longer your biggest problem; it is the result of a broader security breach.
Traditionally ransomware attacks were carried out by the “bad guys” installing malicious software on your system to encrypt all your files and data. They would leave you with a ransom note offering to supply you with a decryption key when you paid their ransom. This commonly occurred by sending a malicious email with a payload that would deploy their malware when a user accessed the attachment. This is generally no longer the case.
The anatomy of a ransomware attack has evolved from a simple attack delivered by email with attackers now using multiple entry points by exploiting network and software vulnerabilities as well as continuing to use malicious email and many other methods to deliver malware as a preliminary attack. The malware steals credentials, makes configuration changes, executes backdoors, and establishes an Advanced Persistent Threat (APT) to gain access to your systems and sensitive data at any time before deploying the ransomware. Wipers are also becoming increasingly common which give the appearance of encrypted files, which once decrypted reveal the data and files have in fact been deleted.
Consequences for businesses are not only financial and can include temporary or permanent loss of critical data and services, downtime resulting in loss of productivity, loss of opportunity and loss of income and reallocation of resources to resolving the attack rather than performing their normal duties. Reputational damage can be caused by any cyber security incident which may result in customers or partners losing faith in your organization’s ability to protect their data and may be detrimental to the viability of your business.
Roughly 40% of victims who paid the ransom to recover their data never get it back and 73% of those who do pay are targeted again – often by the same attack group. Many more encountered some data corruption, and a few were not able to recover anything at all.
Most cybersecurity experts typically advise against paying the ransoms but rather investing in a sound preventative and recovery strategy. Rather than take your chances with ransomware, taking a few simple steps puts your organisation in a stronger position to resist attackers and be able to recover in the event that your business falls victim to such an attack.
You can develop a Ransomware Defence Strategy including our five stages by downloading our FREE Ransomware Defence Strategy Checklist below and put your business in a stronger defensible and recoverable cyber position.