Ransomware attacks are never far from the headlines, and the impact of a successful hit can be devastating.
Recent attacks to make the front pages include a large European private hospital operator supplying critical dialysis equipment during the pandemic, and a global transport logistics company helping to maintain international supply chains.
Worryingly, reports suggest that both organisations had already been hit by ransomware earlier in the year, with at least one of them opting to pay the ransom demanded.
Despite being around for over 30 years, ransomware continues to thrive and rake in profits. Our latest global research shows that around half (51%) of organisations were hit by ransomware in the last year. Of those that ended up with encrypted data, over a quarter (27%) paid the ransom.
It’s easy for onlookers to stand on the sidelines and tell such organisations that they shouldn’t pay. But the reality is that these organisations often feel they have no other way of getting their data back.
How attackers hold organisations to ransom
What is ransomware? At first glance the answer to that seems obvious, but it is in fact more complex than it appears. In general terms, ransomware is malicious software that encrypts devices or information and issues a ransom demand.
If the ransom is paid, invariably in some form of cryptocurrency, the victim receives a decryption key or keys, restores their data and everyone lives happily ever after. Only they generally don’t.
This is because ransomware no longer confines itself to just encrypting data; the more advanced ransomware families have taken to stealing information alongside the encryption, or to disabling or even deleting data back-ups that are connected to the network. All of this is carefully designed to put pressure on victims to pay up.
The enduring ‘success’ of ransomware lies in this ability to evolve. The new tactics are often complemented by innovative tools and techniques intended to avoid detection and removal by security solutions.
Our security researchers recently uncovered ransomware installing virtual machines on victim devices, an incredibly resource-heavy way of trying to bypass security detection before launching the ransomware module. We’ve found and reported on other innovative and possibly more subtle detection-bypass techniques. There is no sign of such developments slowing down.
The impact of ransomware
Taking all this into account, it comes as no surprise that our study unearthed some pretty stark numbers. First among these is that the costs associated with recovering from a successful ransomware attack nearly double if you have to pay the ransom, from £576,700 for organisations that don’t pay the ransom to £1.14 million for organisations that do.
Essentially, what this means is that the resources required to get an organisation up and running again, including downtime, people time, device cost, network cost, lost opportunities, and more, remain the same regardless of whether or not you pay.
Paying the ransom saves you nothing. I should add that it’s not all bad news: 66% of UK organisations whose information was encrypted managed to restore their data from back-ups.
Another worrying finding, particularly for the UK, is that many organisations continue to believe they are not a target. Across all the countries surveyed, an average of 15% said that they had not been hit by ransomware and didn’t expect to be.
This rises to 21% for the UK. In other words: more than one in five UK organisations believes ransomware won’t happen to them.
If you take the overall global number as a benchmark, around half of these organisations are going to discover over the next 12 months that they’re wrong. And the chances are they won’t be ready.
What can organisations do?
Fortunately, there are some steps that organisations can take to build their resilience against cyberthreats such as ransomware. These are not one-off measures: the landscape changes and evolves all the time, and so should your defences.
Here is my version of an essential checklist: first, as mentioned earlier, having back-ups enables you to restore your data without having to pay the attackers, but you need to ensure you back up your information regularly and keep it offline.
There’s little point in having back-ups if the attackers can get to them easily, or if the information stored is missing the last six months.
Second, install a multi-layered, next-generation security solution that includes advanced technologies like machine learning and behavioural detection to spot new threats targeting your organisation through different routes or in unexpected ways.
Third, consider investing in managed threat hunting to support your security technologies and in-house teams, offering unique 24/7 human expertise.
Last, but not least, educate and keep educating your employees on the dangers to look out for. Our research found that the most common way ransomware got into an organisation was through human exploitation, with somebody somewhere downloading a poisonous file or clicking on a malicious link in an email.
These are sensible steps against all cyberthreats, not just ransomware. There is no such thing as 100% protection, but if you make it difficult, frustrating and unprofitable for adversaries out to make a quick buck, then you are helping to put a stop to this pernicious threat. Giving the attackers what they want means they’ll probably be back. Stop it while you still can.
Source: Forbes