The Threat Grows
If the attack earlier this year on Kaseya shows anything, ransomware isn’t going anywhere. Conducted by REvil, the attack impacted some 1,500 or more businesses worldwide. The ransomware gang demanded $70 million to restore the data from those affected, primarily companies in the SMB sector. By the way, you’ll find tips on how to prevent an attack from happening on you with the ransomware prevention checklist later in this article.
A 2021 report by Fortinet reflects how much ransomware has progressed. Here are some of the data from that report:
- 67% of organizations have been a target of ransomware attacks
- 16% have been hit three or more times
- 96% feel at least moderately prepared (despite the % of attacks indicating otherwise)
As for the why behind the attacks, these insights point to a lack of cyber awareness training:
- Nearly a third (32%) of companies directly state there’s a lack of security awareness training
- 61% have user training – but only as part of an incident response plan
- 58% of ransomware attacks in North America start with phishing a user
More High-Profile Ransoware Attacks
Although Kaseya was a high-profile attack, several other attacks have made big headlines through the first half of the year:
| Attack | Ransomware |
| Colonial Pipeline | $4.4 million paid |
| Brenntag | $4.4 million paid |
| Buffalo Public Schools | Unspecified |
| Acer | $50 million demand |
| JBS Foods | $11 million paid |
| Quanta Computer | $50 million demand |
| National Basketball Association (NBA) | Unspecified |
| AXA | Unspecified |
| CNA Financial | $40 million paid |
| CD Projekt | Unpaid, backups used to restore data |
| KIA Motors | $20 million demand |
Looking at the number of attacks in 2021 thus far, each month has seen a more significant number of attacks than last 2021. For example, April saw a significant escalation in activity (BlackFog).
Equally important, attackers are moving beyond data theft in many cases to take control of a company’s operations. The goal is to create production slowdowns and create downtime to impact a business. As a result, ransomware attacks are migrating to manufacturers, industrial companies, and other operations relying on physical infrastructure.
Ransomware Payments Increase
In 2017, Cybersecurity Ventures advised that ransomware damage would cost $5 billion. More important, that number increased to $8 billion in 2018, followed by $11.5 billion in 2019. Indeed, ransomware predictions for 2021 indicate costs will soar to $20 billion, more than 57 times that of 2015. These numbers make ransomware the fastest-growing form of cybercrime.
On top of initial payments, cyber criminals are moving to double-extortion measures where they steal sensitive data before encrypting files. Then, they threaten to publish the data if the ransom goes unpaid. According to Checkpoint, there’s been a 50% increase in the daily average of double-extortion ransomware attacks.
Using this technique allows hackers to benefit without an actual ransomware payment. Healthcare records, for example, sell for between $100 and $500 on the dark web.
Ransomware Prevention Checklist
With this kind of threat landscape, an ounce of prevention is worth a pound of cure, as the adage reflects. So, there’s no reason to leave yourself exposed to ransomware attacks when you can take steps to help prevent them. The chart below, for example, presents a list of protection and defensive measures essential to secure your organization against ransomware.
In addition to the essentials presented above, this ransomware prevention checklist provides insights into additional measures you can take to reduce your risk. By the way, you can access a FREE ransomware simulator here. It simulates 22 ransomware infection scenarios and one crypto mining infection scenario to show you a vulnerable workstation.
You can protect your firm by implementing these lines of defense:
First Line of Defense
| Implement an automated backup solution using the cloud, software, or hardware | |
| Ensure all possible data requiring access is backup up, including mobile and USB storage | |
| Ensure your data is safe, redundant, and easily accessible once backed up | |
| Regularly test the recovery function of your backup and restoration process. For instance, test the data integrity of physical backups and ease of recovery for online and software-based backups for at least the last 3 or 4 months. |
Second Line of Defense
| Install and use a firewall | |
| Deploy anti-spam and anti-phishing software or dedicated hardware | |
| Ensure everyone in the organization is the latest generation of endpoint protection and whitelisting and real-time executable blocking. | |
| Routinely update and patch all applications and operating system components with vulnerabilities. | |
| Insist on remote log-in through a VPN |
Third Line of Defense
| Implement Data Leak Prevention (DLP) tools | |
| Use least-permissive permissions for file, folder, application, and database access. | |
| Require multi-factor authentication for all access | |
| Enable system logs to track data movements | |
| Use traffic analysis to note any unusual data movements across computers and networks. | |
| Encrypt data to prevent easy unauthorized copying |
Fourth Line of Defense
| Conduct cyber awareness training to educate personnel on what to look for to prevent criminal applications from being downloaded and executed | |
| Conduct frequent, simulated phishing attacks to inoculate users against cyber threats; conduct testing monthly. | |
| Enable system logs to track data movements |
Get Your Head Out of the Sand
Ransomware is serious business. No company is safe. So, even if you think your small organization is immune, think again.
The Kaseya attacks debilitated smaller businesses like accounting firms, doctor’s offices, retailers, and a host of other SMBs. By targeting a managed service provider, the hacker could move laterally and access the provider’s accounts.
That raises a critical point. First, make sure your managed IT services provider has control of its operation. If they aren’t protecting their infrastructure, it’s doubtful they’ll defend yours. In this case, the MSP failed to have proper tools to prevent such an attack.
Our IT company specializes in small to medium-sized businesses in Harrisburg, York, Lancaster, and surrounding areas. So, we know the common vulnerabilities attached to your organization. But, more importantly, we know how to mitigate them to make you virtually immune from a cyber-attack.
Talk to us about our cybersecurity services and ask about a vulnerability test. We’ll uncover the issues that make you susceptible to attack and get them remediated in short order. We can also set you up with cyber awareness training to alert your employees to ransomware dangers and how to spot phishing and smishing attacks.
