The name pretty much sums it up. Ransomware is a form of malware in which an attacker seizes control of a user’s files and demands a ransom to restore access. Generally, how much does the attacker demand?
According to a report from Sophos, The State of Ransomware 2021, the average ransom payment in the U.S. was $170,404. Equally important, the average remediation cost was $1.85 million. Remediation costs generally take the form of downtime, device cost, network cost, lost opportunity, the ransom itself, and more.
Ransomware attacks most frequently target the government, manufacturing, construction, utilities, and services industries. In fact, Safety Detectives reported that government suffered 15.4% of ransomware attacks. Equally compelling, only 39% of organizations stopped the episode before data encryption, and nearly one-third of organizations paid the ransom.
An organization’s need to restore file access often determines ransomware payment. Not surprisingly, government agencies, medical facilities, law firms, and other companies with sensitive data may be more inclined to pay quickly. In many cases, keeping a breach out of the news may lead to payment.
How Ransomware Works
Ransomware takes multiple forms. Many arrive through phishing: successful phishing attacks impacted 65% of organizations last year. Others, like NotPetya, exploit security holes rather than attempting to trick users.
Regardless of the approach, the most common outcome is the encryption of some or all of a user’s files. A malicious binary on the infected system performs the encryption, covering Microsoft Word documents, databases, images, and other sensitive data. Most importantly, the cybercriminal holds the private key needed to decrypt the files, so the data cannot be recovered without it.
In the worst cases, ransomware does not stop at the user level. Instead, it spreads to the system and network levels, potentially impacting the entire organization. Typically, the attacker demands payment within 24 to 48 hours; otherwise, the files remain inaccessible.
Despite the attacker’s promises, victims who paid recovered only 65% of their data on average (Sophos).
Some Ransomware Examples
Ransomware has enjoyed a strong run over the last five years. In part, that’s due to untraceable payments like Bitcoin. Fortunately, ransomware attacks have dropped off somewhat.
Some of the most significant attacks in history included:
- WannaCry impacted 200,000 computers across 150 countries.
- TeslaCrypt made up 48% of ransomware attacks in 2016.
- Delivered by a trojan downloader, SimpleLocker targeted the Android platform.
- SamSam hit the Colorado Department of Transportation and the City of Atlanta.
- Ryuk impacted daily newspapers in 2018 and 2019. According to reports, its operators made more than $150 million in Bitcoin ransom payments.
Ransomware recovery times generally range from two to four weeks. At times, it can take even months.
Responding to a Ransomware Attack
Above all, resist the urge to remove the ransomware immediately. Stick to a remediation plan. Why?
Well, the good news about removing the virus is that it eliminates the malware and you regain control of your computer. The bad news is that you reduce your ability to identify the ransomware strain and its impact. In addition, you may surrender your files: you would still need the private key from the attacker, and removing the malware can eliminate your ability to pay the attackers should you decide to.
Your first response should be to contact your IT department to cut internet access to the affected networks. Next, call your cyber insurance carrier and enlist their support from the start.
At a more granular level, start by identifying the source of the attack, then isolate that device. In addition, disconnect any devices behaving out of the ordinary, because any infected device connected to your network could spread the infection across the entire network. Check for recently encrypted files with odd extensions or file names.
Next, identify the specific ransomware and assess the damage. Create a list of impacted storage devices, external hard drives, IoT devices, and even cloud storage. Afterward, review your backups. If your backup is current, complete, and unaffected, you can restore your system from it.
Report the incident to the appropriate authorities. After all, ransomware is against the law. Equally important, you may violate compliance requirements by failing to report the security breach. Finally, law enforcement may be able to help recover your stolen or encrypted data.
When the time comes to remove the ransomware, the process is reasonably straightforward. It involves four key steps:
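As an added triage example, not code from the original article: the step above of checking for recently encrypted files with odd extensions, done from the defender’s side. The script sweeps a folder for files modified within the last 48 hours that carry an extension outside the organization’s normal document types (e.g. a ransom suffix appended to a document name) or whose contents look random, which is what encrypted data looks like. The expected-extension set, the entropy threshold and the demo tree are assumptions constructed for this example.

```python
import math
import os
import tempfile
import time
from collections import Counter
from pathlib import Path

# Assumption: the document types the organization normally handles. Anything else changed recently is suspect.
EXPECTED_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".txt", ".csv", ".db"}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: plain text sits around 4 to 5, encrypted data approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_suspect_files(root, since_hours=48, entropy_threshold=7.5, sample_bytes=65536):
    """Return [(relative_path, reasons)] for files under root modified inside the window that have an
    unexpected extension or random-looking contents. Compressed formats (zip, jpg) also score high on
    entropy, so treat the output as a triage queue to review, not a verdict."""
    cutoff = time.time() - since_hours * 3600
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            st = path.stat()
            if st.st_mtime < cutoff or st.st_size == 0:
                continue
            with path.open("rb") as fh:
                head = fh.read(sample_bytes)  # a prefix is enough to judge entropy
        except OSError:
            continue  # skip unreadable files rather than abort the whole sweep
        reasons = []
        if path.suffix.lower() not in EXPECTED_EXTENSIONS:
            reasons.append(f"unexpected extension {path.suffix!r}")
        entropy = shannon_entropy(head)
        if entropy >= entropy_threshold:
            reasons.append(f"high entropy {entropy:.2f} bits/byte")
        if reasons:
            findings.append((str(path.relative_to(root)), reasons))
    return findings

def demo():
    """Constructed sample tree: a normal document, a document encrypted in place with a ransom
    suffix appended, and an untouched file whose modification time predates the window."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "notes.txt").write_text("quarterly notes, nothing unusual here\n" * 50)
        (Path(tmp) / "report.docx.locked").write_bytes(bytes(range(256)) * 16)  # uniform bytes, entropy 8.0
        old = Path(tmp) / "archive.csv"
        old.write_text("id,value\n1,2\n")
        week_ago = time.time() - 7 * 86400
        os.utime(old, (week_ago, week_ago))  # mtime a week back: outside the 48-hour window
        return find_suspect_files(tmp)
```

Run `demo()` to see the sweep flag only the renamed, encrypted document; point `find_suspect_files` at a real share or user profile to build the list of impacted files the next step asks for.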
- Reboot Windows 10 to safe mode
- Install anti-malware software
- Scan the system to find the ransomware
- Restore the computer
Preventing Ransomware Attacks
By following cybersecurity best practices, you can help prevent ransomware attacks. For instance, you’ll want to take these steps at a minimum:
- Enforce a firm password policy, and make multi-factor authentication a requirement.
- Make sure your operating system is current.
- Never install software or grant access without full knowledge, and issue only the bare minimum privileges needed.
- Install antivirus software to detect malicious programs.
- Scan and monitor files and emails routinely.
- Only use secure networks and keep your security software current.
- Whitelist (allowlist) approved software so that unauthorized applications cannot execute.
- Always back up files.
- Conduct cybersecurity awareness training to educate employees regarding security threats.
- Deploy managed detection and response (MDR) software supported by a Security Operations Center (SOC).
Always remember, layered security initiatives and due diligence are your best friends.
To Pay or Not to Pay the Ransom
According to Emsisoft, ransomware demands cost businesses more than $1.4 billion in 2020. Obviously, a great many organizations elect to pay the ransom. But should they?
The Federal Bureau of Investigation (FBI) advises victims not to pay. First, there’s no guarantee a cybercriminal will provide the private key to unlock your files. Remember, only about two-thirds did so. Second, your business may be seen as an easy target and be exposed to further attacks.
The bottom line? Is your business in a position to take the hit? Weigh the repercussions of failing to pay. In addition, consider talking with a cybersecurity professional to gauge the extent of the threat.
Lay Down a Strong Cyber Defense
As the saying goes, an ounce of prevention is worth a pound of cure. Take the necessary precautions to guard your cybersecurity in the first place.
As a cybersecurity company, we deliver award-winning cybersecurity services to clients throughout Pennsylvania, Maryland, Delaware, and nationwide.
Talk to us about a cybersecurity risk assessment. We’ll review your infrastructure and provide you with a CyberSUCCESS Score, which lays out the vulnerabilities in your operation. It’s all part of driving your IT success.