Ransomware attacks pose a significant and accelerating threat to businesses, government institutions, and individuals worldwide. While such attacks have been part of the cybersecurity and technology landscape since 1989, when the first ransomware case was documented, they have increased in number, magnitude, and costs in recent years.
According to the 2022 SonicWall Cyber Threat Report, the global volume of ransomware increased 105% year over year in 2021 and a whopping 232% since 2019, with attacks in the U.S. last year alone increasing by 98%. Researchers recorded over 623 million ransomware attacks worldwide. An estimate by Cybersecurity Ventures puts the damages from ransomware attacks in 2021 at around $20B, and the firm predicts that the economic costs of ransomware will reach $265B by 2031.
No business or individual can afford to ignore the threat posed by ransomware. It’s time to discuss the essentials of ransomware attacks: what they are, how they work, and what steps you can take to protect your business against such attacks.
What are Ransomware Attacks?
Ransomware is a type of malicious software that gains access to files or systems and holds the data hostage, usually through encryption, until the victim pays to regain access using a decryption key.
As the name suggests, this type of malware is intended to extort money from its victims in the form of a ransom. The demand for payment usually comes with a deadline. Failure to pay the ransom fee can lead to the permanent loss or publication of the data.
Ransomware differs from other types of malware in that victims are notified about the attack and provided with instructions for paying the ransom and recovering the encrypted data. The increase in ransomware attacks in recent years is directly related to the increasing popularity of cryptocurrencies, especially Bitcoin. Attackers have increasingly required payments in such digital currencies in order to remain anonymous and untraceable.
The two most common forms of ransomware are encrypting ransomware and screen lockers. Encrypting ransomware encrypts the victim’s data, while screen lockers lock users out of their computers and data systems entirely. Other types of ransomware include doxware, which threatens to release sensitive or confidential information, and mobile ransomware, which specifically targets mobile devices.
How Does Ransomware Work?
Ransomware accesses a computer’s files or systems through things like messages and email attachments. Phishing emails, for example, are one of the most common ways of launching a cyber attack. In this case, users are encouraged to click an attached link which, once downloaded, infects the user’s computer with malware.
Spear-phishing is a particularly sophisticated phishing method, which involves attackers doing prior research to target specific individuals and networks to maximize their chances of success.
Other types of ransomware avoid engaging with users directly and instead look for ways to exploit weak security measures. Messaging services such as Facebook Messenger are another means to distribute ransomware. As well, malware can be spread through browser plugins, external/removable devices such as USB drives, and malicious apps and websites.
Remote Desktop Protocol is one of several means that do not require any interactions with users at all. And increasingly, the use of Ransomware-as-a-Service (RaaS) allows attackers to launch ransomware attacks with little prior technical or cybersecurity experience.
Ransomware encrypts the victim’s data as soon as it enters the system. It then adds an extension to the files which renders the data inaccessible to users. The files cannot be accessed again without the use of a decryption key. A message will then appear on a lock screen that notifies the victim that they have been locked out from accessing their data and will have to pay a ransom fee to regain access.
If victims choose to pay the ransom, they might receive the decryption key, although that is not guaranteed. And even if a decryption key is received, it isn’t guaranteed that it will work.
Ransomware Attacks: Targets and Effects on Businesses
Although ransomware attacks were originally focused on targeting personal computers and individual users, they have increasingly shifted their focus to businesses, from small and mid-sized firms to large corporations. Government institutions, public utilities, and healthcare networks have also been targeted.
Such organizations are prime targets because they have greater financial resources, and their data is more critical, making it more likely that they will pay a large ransom.
The effects of ransomware attacks on businesses can be serious and long-lasting. They include:
- Loss of important & confidential data
- Damage to business & data infrastructure
- Loss in revenue & earnings from downtime
- Financial losses from recovery costs and/or ransom payment
- Loss in productivity & labor
- Long-term (potentially permanent) damage to data, software, & hardware
- Reputational damage to the business & its leadership
- Loss of customer & client confidence in the business
- Potential personal harm to patients/customers of healthcare/public utility targets
Given the dire consequences of ransomware, it is crucial for businesses to protect themselves effectively against such attacks.
How to Protect Your Business from Ransomware Attacks
Individual users and employees are both the weakest and strongest links that businesses have when it comes to ransomware attacks. Organizations must train their employees in cybersecurity and implement proper security measures to prevent attacks.
Some of the important steps that businesses can take to protect themselves against ransomware include:
- Back up devices regularly
- Limit data and network access to trusted individuals
- Update all software regularly
- Implement network segmentation
- Monitor all networks and connections for any suspicious activity
- Download only from known and trusted sources
- Implement a thorough and strict password policy for all users
- Have a multifactor authentication policy for all logins
- Urge users not to open any attachments from suspicious emails
- Use a secure email gateway (SEG) to monitor emails
- Use mobile device management (MDM) software to protect mobile devices
- Use secure web gateways (SWG) to filter out malware
- Avoid using any USB sticks or external storage devices of unknown origin
- Consult security professionals to identify vulnerabilities in the system
- Isolate & shut down any compromised parts of the system to protect your network
- Ensure your business is protected from liability with the right insurance coverage
To cover your company in the event of a ransomware or other attack, cyber insurance specifically protects your business in the event of losses from ransom, data, and clients.
Should You Pay the Ransom?
The consensus on whether to pay attackers is clear: security and law enforcement agencies, including the FBI, advise against paying the ransom. Businesses cannot be certain that the decryption key they will receive in exchange for the ransom will work. In fact, the criminals might not provide the decryption key at all.
As well, paying ransom could set a risky precedent: other criminals might be encouraged to target your organization, knowing that you have a history of paying ransom. On a broader scale, it encourages criminal activity by incentivizing the use of ransomware.
Some organizations, however, may have no choice but to pay the ransom. Healthcare facilities and public utilities, for example, may be forced to pay because the prospect of extended downtimes is too risky and potentially life-threatening to patients and customers. Businesses might decide that the cost in lost revenue and profits from downtime will be in excess of the ransom demanded. For some individuals and organizations, the threat of sensitive data being released might pose too great a danger to their safety or reputation.
If you find yourself in a situation where you have no choice but to pay the ransom, the best risk mitigation strategy is to insure your business.
The Future of Ransomware
Ransomware attacks are certain to increase in the future, both in their sophistication and range of targets. Attacks on healthcare systems, utilities, and public infrastructure are particularly troubling because these are critical institutions that are vulnerable due to outdated or insufficient cybersecurity measures.
For businesses, a particular concern is ensuring that security measures keep up with advancements in ransomware technology used by cybercriminals. The growing popularity of work from home since the beginning of the pandemic poses another threat. At-home work can lead to increased risk because employees may not have the level of cybersecurity in their homes to protect the networks they access remotely against attacks. The mixed use of personal devices and work computers also increases the risk level, exposing the entire work network to threats transmitted through personal devices.
These concerns highlight the importance of cybersecurity measures to prevent ransomware attacks in the future. It is of vital importance for all businesses and individuals to be aware of the risks that ransomware attacks pose and to do their part to protect themselves against such attacks.
For more on how cyber threats, including ransomware, affect businesses, check out our full on-demand Cyber Threats Webinar. And you can learn more about cybersecurity, risk mitigation, insurance, and more, on our blog.