One of the biggest issues in cybersecurity today is ransomware. This nasty type of malware denies victims access to their network – usually by encrypting their files – unless a ransom is paid. The target’s operational capacities are disabled until they pay up, and even then, it’s not guaranteed that hackers will provide the needed decryption key and restore system functionality.
Devastatingly effective and ever-evolving, ransomware has proliferated in recent years, as sophisticated cybercriminals spawn new strains and strategies of invasion. Annual global damage from ransomware is projected to cost companies more than $20 billion by 2021, 57 times the amount in 2015, making it the fastest-growing form of cybercrime.
First emerging around 2005 as a subcategory of scareware, early ransomware was rudimentary and unprofitable without a suitable payment system. It remained relatively impotent and under control until 2012, when Bitcoin changed the game, providing precisely the monetary exchange apparatus hackers needed – anonymous, universal and outside traditional financial institutions – to extract real ransoms.
There are numerous forms of ransomware and myriad ways it can infiltrate a system. The most common types include:
Most often, ransomware enters a system via email phishing spam. The victim opens a malicious attachment or clicks on a link to a dangerous website, the ransomware corrupts the computer and then spreads through the network. Criminals also use exploit kits to manipulate security weaknesses, like the notorious WannaCry Microsoft exploit. Once in the system, ransomware typically blocks hard drive access or encrypts computer files, rendering them unreadable without the hacker’s key, which requires payment.
Any ransom is often demanded in cryptocurrency because it’s anonymous and untraceable. In general, the amount is high enough to be worth the attacker’s time but not so much that victims are unwilling to pay it. There’s no guarantee that coughing up the ransom will return system access, and those who pay out of fear or desperation are frequently retargeted.
Ransomware danger is near-constant, with estimates that businesses incur breaches every 14 seconds – predicted to be every 11 seconds by 2021. That doesn’t even include the more-frequent cyber attacks on individuals, which will also increase as the world’s online population grows. On both a macro and micro level, ransomware is a major problem, resulting in an estimated $5 billion in losses in 2017 and robbing companies of not only revenue, but also reputation, operations, information and customer trust.
Certainly, all companies are at risk of ransomware. Criminals have recently progressed from a “spray and pray” approach – lots of attacks against small targets – to “big game hunting,” focusing on fewer victims that have unique vulnerabilities and can pay more, like medical companies and universities. However, small and medium-sized organizations, which generally have fewer resources to spend on cyber defense and thus less protection, suffer greater impact.
Interestingly, global malware attacks have declined overall in the past year, but ransomware specifically has spiked, up 15% by mid-2019 and up 20% through the first half of 2020. As more businesses work remotely and employees access company networks on their personal devices from home, where there are fewer levels of protection than in an office, experts see a correlation between COVID-19 and ransomware infections. It seems the coronavirus pandemic is exacerbating the ransomware epidemic.
Once your computer has been hit with ransomware, it’s usually too late to recover your data. Even if you back up files or pay the ransom – and in most cases, law enforcement officials recommend against paying it – your network has already been exposed, your customers compromised and your business endangered.
Most often ransomware exploits the human element of a company’s cybersecurity system, meaning education and training are crucial. An organizational mindset is as important as monitoring tools when it comes to cybersecurity and keeping your company safe.
Here are some best practices to protect against ransomware:
Since the earth-shattering CryptoLocker trojan horse in 2013 showed its enormous potential, ransomware has evolved from petty theft to global enterprise. Its growth is driven by increasingly savvy cybercriminals, exploiting still-alarmingly unprepared companies.
A single ransomware infection can spread from one computer through an organization’s network and overwhelm the entire system. This can handicap your business and result in costs far beyond the ransom, including lost data, time, productivity and brand strength.
If you can’t or don’t want to build your own protection capabilities, you need to hire the expertise of a trusted IT services provider. Utilizing an educational framework that explains the cybersecurity environment so you understand it, Calance offers a robust range of managed defense systems and solutions, which can help identify threats and shield your company from the crippling consequences of ransomware attack.