“Your files have been encrypted. You have 5 days to submit the payment, or your files will be lost.” The ominous message glaring out from your screen isn’t farfetched—or even unusual. Instead, this common scenario plays out continually. By the end of 2021, ransomware attacks are expected to target global businesses every 11 seconds."
Ransomware is on a meteoric rise – increasing in frequency, severity, and sophistication. As ransomware has proliferated over the past year, more than half of organisations have fallen victim to an attack. With increasing attacks come higher financial and operational impacts, including ransomware payments and associated costs, operational downtime, and remediation efforts.
So how can organisations defend themselves?
Data exfiltration, the unauthorised copy or transfer of data, is becoming increasingly common with ransomware attacks as a coercion tactic to incentivise ransom payment. In Q4 alone, more than 70% of ransomware attacks involved the threat of data exfiltration. Hence, organisations are struggling with not only more ransomware attacks, but also the added privacy implications of data exfiltration.
Driven by the COVID-19 pandemic, businesses have greatly accelerated their digital transformation efforts. From healthcare organisations to government agencies to manufacturing companies and every industry in between, the rapid shift to remote work generally has created wider attack surfaces and less secure environments. The result? A boon to cybercriminals.
What is ransomware and how do attacks happen?
Ransomware is a type of malware that prevents access to a system or data until the victim pays a ransom. Using a variety of methods, attackers typically encrypt a victim’s files and render them incapable of opening. The attacker then provides instructions and requests a fee (aka, the ransom) in cryptocurrency from the victim, dangling a carrot in the form of a decryption key to unlock the encrypted data. Whether the victim pays or not, there is no certainty that the files will be returned or access restored.
In the world of ransomware, cybercriminals are the most common culprits. Cybercriminals conduct ransomware attacks for economic benefit. Ransomware tool kits are widely available for purchase on the dark web (think RaaS – Ransomware as a Service), enabling even less skilled cybercriminals to carry out ransomware attacks for profit. The ease with which attackers can execute ransomware attacks also contributes to its continued growth, notes the 2020 Data Breach Investigations Report.
Is my organisation at risk?
Ransomware attacks impact individuals and organisations across industries and around the globe – no organisation is immune. Small and medium-sized businesses remain popular targets, representing 62% of incidents (Beazley 2020 Breach Briefing). In contrast, 38% of ransomware incidents target the middle market (defined as over $35 million in annual revenue). While ransomware is an issue across industries, some are harder hit than others. Healthcare, professional services, and financial services alone account for more than half of ransomware incidents. The healthcare industry is among the most targeted, with financially motivated cybercriminals using ransomware attacks to exploit sensitive patient data.
What are the best ransomware defence strategies?
A ransomware incident can cause significant damage. And while a business cannot anticipate a specific ransomware attack, you can plan for the potential impact. Preparation makes all the difference. Businesses should carefully consider—in advance—how they would manage a ransomware attack: before, during, and after.
Before a ransomware attack occurs, it’s critical to:
- Know your options.
- Develop internal policies and guidance.
- Understand regulatory implications and potential sanctions.
- Secure board approval.
- Examine impact on and how to leverage insurance.
- Seek legal counsel.
- Engage outside expertise.
- Consider how to access a cryptocurrency account.
During a ransomware attack, focus on how to:
- Minimise exposure and maximise backup.
- Tap into insurance, claims, and vendor expertise.
- Follow your internal and external guidance.
- Determine whether to pay the ransom.
And after a ransomware attack, consider how to:
- Update internal guidance.
- Bring in external expertise.
- Identify and remediate weaknesses.
- Review backup strategy.