Ransomware: Is Your Organization Prepared?
All organizations should have a comprehensive strategy to reduce the impact of a ransomware attack.
Published May 5, 2017 by Ben Killion
Do you remember the movies or TV shows where someone was kidnapped and the kidnappers left a ransom note? The cyber-world counterpart is a constantly evolving and growing threat called ransomware. Ransomware is a form of malware that “kidnaps” access to your network, applications, or data until a certain amount of money is paid by the victim.
It does this by encrypting certain data so you can’t get to the information, or by blocking access to systems and applications. Ransomware usually reaches your computer or device as a Trojan delivered through phishing emails or malicious programs on a website. Once it is installed, a ransom message usually pops up when the user restarts their device. Ransomware is the new virus: attackers have largely shifted their focus away from servers and onto endpoints, whose users are typically less technical and operate with varying levels of trust.
All organizations, large and small, need to be prepared for ransomware attacks and should have a comprehensive strategy to reduce their risk of being impacted.
Ransomware attacks rose by 92.7% in 2021 compared to 2020 levels, with a reported 2,690 attacks in 2021 compared to 1,389 attacks in 2020. That growth is expected to continue with one study estimating that ransomware attacks will cost businesses $10.5T annually in lost revenue, brand damage, and lost opportunities by 2025.
A Fortinet study discovered that an astonishing 67% of organizations surveyed reported having been targeted with ransomware. The same report revealed that fewer than half of the surveyed companies have a strategy that includes measures such as network segmentation, forensic abilities, and backup and data recovery methods.
Even more startling is that, while 72% of reporting companies claim to have a ransomware policy in place, the procedure for nearly half of them (49%) is to simply pay the ransom outright.
Whether it’s your organization that gets infected or a home computer, the impact of ransomware can be devastating. You can permanently lose important and private information, you can expose critical flaws in your organization, impact your reputation, and potentially lose a lot of money. Even if you pay the ransom, it doesn’t guarantee that you’ll get the data back.
FBI Cyber Division Assistant Director James Trainor explained why you shouldn’t pay the ransom:
“Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”
While you want your stolen or encrypted data back, it may not be worth giving in to the cybercriminal’s demands.
Does your organization have a plan and strategy in place, should there be an incident? What steps would you take to deal with the situation? Who would be involved and how would the communication and decision-making process flow and get executed?
While there isn’t a one-solution-fits-all tool or method for preventing ransomware attacks, there are several steps you can take today to ensure you’re prepared.
- Employee awareness: Educate your employees on how to identify phishing emails, malware, and ransomware. The number one element to ransomware’s success is the human element. Continuous education and testing of employees’ understanding through internal phishing campaigns are crucial pieces to the ransomware solution.
- Eliminate macros: Macros automatically perform frequent tasks, but they can be disabled. Disabling macros will ensure malicious content doesn’t automatically load.
- Block internet ads: Many third-party ads have some type of malware. It’s best to avoid the risk by disabling all internet ads on devices.
- Update and patch regularly: Make patches and updates on your system, software, and firmware a frequent occurrence.
- Limit administrative access: Don’t allow employees to have administrative account access. This will restrict what a ransomware attack could potentially infect.
- Have software restrictions: Use a software restriction policy, or put access controls in place, so that ransomware cannot infiltrate your systems and run the way common programs do.
- Back up regularly: Back up data on a regular basis, and test the backups to ensure that they are operating as planned and can be efficiently restored.
- Have a plan: Having a plan in place is essential for preparedness. This plan should thoroughly lay out response and solution details, should your organization fall victim to an attack.
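The controls in the list above can be audited on a Windows endpoint. The following read-only PowerShell script is an added example, not part of the original article; it assumes the Office 2016/2019/365 policy path (`16.0`) for the macro settings and uses a placeholder backup share that must be replaced with your own.

```powershell
# Read-only readiness audit for the controls listed above (added example, not from
# the original article). Run in an elevated PowerShell 5.1+ session on a Windows
# endpoint; it reports findings and changes nothing.
$Findings = New-Object System.Collections.Generic.List[string]

# 1. Macros: Office policy key (assumed path for Office 2016/2019/365, "16.0").
#    VBAWarnings = 4 disables all macros without notification; 3 allows only signed ones.
foreach ($app in 'Word','Excel','PowerPoint') {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $v = (Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
    $b = (Get-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -ErrorAction SilentlyContinue).blockcontentexecutionfrominternet
    if ($v -notin 3,4) { $Findings.Add("$app macros not restricted by policy (VBAWarnings=$v)") }
    if ($b -ne 1)      { $Findings.Add("$app does not block macros in files downloaded from the internet") }
}

# 2. Software restrictions: SRP DefaultLevel 0 = Disallowed (allow-list mode),
#    0x40000 = Unrestricted. A missing key means no SRP is configured at all.
$srp = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers' -ErrorAction SilentlyContinue
if (-not $srp -or $srp.DefaultLevel -ne 0) { $Findings.Add('No default-deny Software Restriction Policy in effect') }

# 3. Administrative access: list every member of the local Administrators group
#    so that ordinary user accounts can be spotted and removed.
$admins = @(Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name)
if ($admins.Count -gt 1) { $Findings.Add("Local Administrators has $($admins.Count) members: $($admins -join ', ')") }

# 4. Patching: flag a host whose most recent hotfix is older than 30 days.
$lastPatch = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $lastPatch -or $lastPatch.InstalledOn -lt (Get-Date).AddDays(-30)) {
    $Findings.Add("Last hotfix installed $($lastPatch.InstalledOn); older than 30 days")
}

# 5. Backups: the newest file in the backup location must be less than 24 hours old.
#    This only proves a backup ran; a restore test still has to be done by hand.
$BackupPath = '\\BACKUP-SERVER\Backups'   # placeholder, replace with your real backup share
$newest = Get-ChildItem -Path $BackupPath -Recurse -File -ErrorAction SilentlyContinue |
          Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $newest -or $newest.LastWriteTime -lt (Get-Date).AddHours(-24)) {
    $Findings.Add("No backup newer than 24 hours found under $BackupPath")
}

if ($Findings.Count -eq 0) { 'All checked controls are in place.' }
else { $Findings | ForEach-Object { "FINDING: $_" } }
```

Each finding maps to one bullet above; the macro and SRP checks read policy keys only, so a setting applied through other means (for example Group Policy Preferences or AppLocker) needs its own check.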
Ultimately, ransomware attacks can be defeated if your organization has established preventatives in place, such as educating employees, conducting regular data backups, implementing the appropriate technology tools, and having a disaster recovery plan.
What can your organization do today to defend against ransomware attacks?