Ransomware is becoming increasingly common and has become worldwide news due to recent attacks. So if your company takes cyber security seriously, you’ll want to know how to prevent ransomware from attacking your business.
What Is Ransomware?
Ransomware is a type of malicious software, or malware, that cybercriminals use to prevent you from accessing your data. The criminals encrypt the data on your system and hold it “hostage” until they receive the money to decrypt it. In the beginning, ransomware acts exactly like any other malicious virus, spreading from your network to other attached servers or systems.
Modern forms of ransomware are programmed so that they get backed up along with ordinary data, meaning backups or data recovery efforts are useless. If the ransom is not paid promptly, data may be erased, or the decryption key may be deleted, making accessing the encrypted data impossible. The data may also be stolen and leaked, or sold on the dark web.
The difference between other types of malware and ransomware is how directly it affects the victim. It used to be that most malware attacks were designed to gain information, such as social security numbers, which would then be used in other crimes like identity theft. However, with ransomware, cybercriminals are directly holding the victim’s devices and data hostage, threatening to erase or expose it if a ransom is not paid.
Ransomware demands are depressingly similar. First, the malware gains access to your device. Next, either certain data or your entire hard drive is encrypted. Finally, the cybercriminals demand money to unlock your data.
In this guide, we will talk about what ransomware is, why you should be concerned about it, who the primary targets are, and finally, how to prevent ransomware.
Who Are the Primary Targets of Ransomware?
It’s easy to look at the above and think only large targets are tempting to cybercriminals, but small and medium-sized businesses are targets too. According to the World Bank, small and medium-sized businesses are vital in every economy, accounting for 90% of businesses worldwide and employing half of the workforce. Unfortunately, this also makes them perfect targets for cybercriminals, who know that larger businesses have the budget for a better IT department.
One of the biggest challenges faced by smaller businesses is a shortage of personnel to deal with cyber-risks, attacks, and vulnerabilities. Cybercriminals know this and are eager to take advantage of it. Smaller companies are also more likely to pay the ransom once they realize that their IT specialists can’t deal with the problem; the opportunity costs of losing their data are just too great to risk, and paying the ransom is easier.
You may think that it’s foolish to pay, and long term, it may be, but according to Datto’s report, ransomware is near the top of malware problems that smaller companies face; 20% reported that they had been hit with a ransomware attack. Malware statistics from the third quarter of 2020 show that the average ransom payment requested by cybercriminals was $233,817, but the cost of downtime is 23 times greater than the ransom requested. This encourages smaller companies to pay and pay quickly, and cybercriminals know it.
How To Prevent Ransomware
Now that you know the devastating effects of an attack, you’ll want to take these measures to prevent ransomware from taking hold of your business.
1. Educate Your Workforce
The single best thing you can do to protect your business against ransomware is to educate your workforce. You need to secure emails, build firewalls, and take all proper precautions, but malware will still slip through. If your employees know what suspicious emails look like and actively read their emails with suspicion in mind, your business will be able to prevent ransomware more efficiently.
2. Plan For Ransomware Specifically
The next thing you can do is have a plan for ransomware attacks and run regular drills. Everyone needs to know their place in case of a malware attack, and regular practice will make it second nature! You should also prioritize your most essential systems, so that if those systems are under attack, your entire team knows to assist.
3. Back Up Your Data
Further, all your data should be regularly backed up, with critical assets being backed up offline. You should ensure that your essential data is kept separately from your backups, so both can never be corrupted; however, you must remember to leave a pipeline so that the backup data can be quickly recovered after a ransomware attack.
4. Segment Your Network
Your network should also be segmented, so if one part of your data is attacked, other parts will still be safe. Each segment of your network should have individual security controls and strict access policies, so people can only have access to data they need to access when they do their jobs.
5. Automate Patching
Finally, make sure you have all the latest security patches for all your software and make sure all your employees use unique secure passwords. This basic security will ensure you are difficult to hack. The more difficult you are to hack, the less likely you’ll be targeted.
Examples of a Ransomware Attack
Although ransomware is not a new phenomenon, many events have made international news lately. Prominent recent ransomware attack examples include:
Brazil-based JBS S.A. is the largest meat producer globally. On May 31 of this year, the meat processing company fell victim to ransomware that resulted in the payment of an $11 million ransom to cybercriminals. The Russian-based group REvil is suspected to have orchestrated the attack. The attack targeted servers supporting the meatpacker’s operations in Australia and North America, which led to the closure of some of the affected branches, including those in Australia, Brazil, and the United States.
JBS paid the ransom despite the nearly $200 million it spends annually on maintaining the integrity of its IT infrastructure. The company reported that it immediately reached out to the 850+ IT professionals it employs globally to help detect the extent of the intrusion. From this forensic investigation, the company believes no company, employee, or customer details have been leaked.
A hacker group known as Darkside engineered a cyber attack on The Colonial Pipeline in May of 2021. The Eastern European-based group is known for using malware to freeze computer networks. The group directed the attack at the largest petroleum pipeline company in the United States that transports fuel for 5,500 miles from Texas to New Jersey. As a result, gas panic-buying and price spikes followed in the days after the attack.
The hackers executed the ransomware attack via a leaked password to an old account that had access to the VPN used by the company’s servers. This account lacked multi-factor authentication, making it easy for hackers to gain access to the petroleum pipeline company’s servers. This hack emphasizes the risk posed by the human factor in a business and how negligent cybersecurity practices can cost a business. It cost Colonial Pipeline a ransom totaling nearly $5 million.
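The account conditions described above (an old account, VPN access, no multi-factor authentication) can be checked for in your own account inventory. The following is an added example, not part of the original article; the CSV columns, the `vpn-users` group name and the 90-day dormancy threshold are assumptions, and the inventory is constructed sample data.

```python
import csv
import io
from datetime import date

# Constructed sample inventory (not real data): one row per directory account.
SAMPLE_INVENTORY = """username,last_login,mfa_enabled,groups
alice,2021-06-28,true,staff;vpn-users
svc-legacy,2020-09-14,false,vpn-users
bob,2021-06-30,false,staff
carol,2021-01-05,true,vpn-users;admins
dave,2021-06-25,false,staff;vpn-users
"""

VPN_GROUP = "vpn-users"      # assumed name of the group that grants VPN access
DORMANT_AFTER_DAYS = 90      # assumed threshold for treating an account as "old"


def audit_vpn_accounts(inventory_csv, today):
    """Return (username, reasons) for VPN-capable accounts that are dormant or lack MFA."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        groups = {g.strip() for g in row["groups"].split(";")}
        if VPN_GROUP not in groups:
            continue  # no remote access path, so out of scope for this check
        reasons = []
        if row["mfa_enabled"].strip().lower() != "true":
            reasons.append("no MFA")
        idle_days = (today - date.fromisoformat(row["last_login"])).days
        if idle_days > DORMANT_AFTER_DAYS:
            reasons.append(f"dormant {idle_days} days")
        if reasons:
            findings.append((row["username"], reasons))
    # Accounts that match both conditions come first: they mirror the case above.
    findings.sort(key=lambda f: (-len(f[1]), f[0]))
    return findings


if __name__ == "__main__":
    for user, reasons in audit_vpn_accounts(SAMPLE_INVENTORY, date(2021, 7, 1)):
        print(f"{user}: {', '.join(reasons)}")
```

Accounts flagged for both reasons are candidates for being disabled outright; the others need MFA enrolled or their VPN access reviewed.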
The most recent ransomware attack example came on July 2, 2021, when a number of managed service providers and their customers became victims of a ransomware attack perpetrated by the REvil group, causing widespread downtime for 1,000+ companies. The attack came via Kaseya, who provides MSPs with a unified remote-monitoring and management tool for handling networks and endpoints. Attackers carried out a supply chain ransomware attack by leveraging a vulnerability in Kaseya’s VSA software.
To combat the attack, Kaseya proactively shut down its SaaS servers and pulled its data centers offline. Unlike the examples above, Kaseya decided after consultation with experts to not negotiate with the criminals who perpetrated this attack and did not pay a ransom.
As the world continues to navigate the complexities of a distributed workforce, Electric is here to support your organization. Electric can work closely with you to push security policies and configurations that adhere to industry best practices across your entire company. Our commitment to architecting IT infrastructure security starts at the core of your business. That’s why we unify security at the device, application, and network levels.