The meteoric rise of ransomware has garnered substantial attention over the past decade, and for good reason: these attacks can cripple their intended targets. Recent data is now shedding light on an evolving threat. While overall ransomware infections have decreased, enterprise infections grew by nearly 12 percent in 2018 and account for 81 percent of total attacks. With danger on the doorstep for millions of businesses both large and small, precautions and countermeasures must be put into place to protect critical infrastructure and data.
What Is Ransomware?
Ransomware is malicious software created to deny access to a computer system or its data until a ransom is paid. It can be spread in a variety of ways: a phishing email that appears to carry a legitimate invoice, image or link; a visit to a compromised website; or an advertisement containing malware that has been injected into a legitimate webpage. When an unsuspecting victim opens such an email or inadvertently falls into an online trap, the malware is silently installed on the victim's computer. Ransomware manifests in different ways. Lock screen ransomware displays a window that prevents access to any part of the computer until a ransom is paid, while file-encrypting ransomware leaves the computer usable but scrambles selected files and databases, then displays a pop-up screen with instructions on how to buy the private decryption key that will unlock them. The stakes are rising: requested ransom amounts rose nearly 200 percent from 2018 to 2019, according to The Crypsis Group.
Businesses remain a growing target because of the susceptibility of employees. Some studies suggest phishing emails are clicked eight to 20 percent of the time, depending on content, and phishing grew nearly 41 percent in 2018. In a recent survey, 66 percent of business decision makers indicated they are "very to extremely concerned" about the risk cyber threats pose to their business. Forty-five percent of businesses affected by ransomware ultimately paid the attackers, but only 26 percent of those had their files unlocked. The average cost of an attack, including the ransom and associated business losses, totaled more than $900,000.
Protection From an Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommends the following steps to protect yourself or your business from a ransomware attack:
- Update software and operating systems with the latest patches. Most attacks target outdated applications and operating systems.
- Never click on links or open attachments in unsolicited emails.
- Back up data on a regular basis. Keep the backups on a separate device and store them offline, so that ransomware running on the network cannot reach and encrypt them too.
- Restrict users’ permissions to install and run software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
- Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email to prevent email spoofing.
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
- Configure firewalls to block access to known malicious IP addresses.
- Audit your network for systems using Remote Desktop Protocol (RDP) for remote access and disable the service wherever it is not needed.
- Enforce strong passwords and multi-factor authentication on any system where RDP remains enabled.
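The last two items are the most concrete, so here is an added example of how an administrator might carry them out on a Windows host. This script is not from CISA or The Hartford; the `-Disable` and `-RequireNla` switch names, the `Audit-Rdp.ps1` file name and the `hosts.txt` inventory are assumptions made for illustration. It reads the registry values and firewall rules that govern RDP, reports whether anything is listening on TCP 3389, and only changes settings when explicitly asked to.

```powershell
# Added example (not CISA's or The Hartford's own code): audit one Windows host's
# RDP exposure and, on request, turn RDP off or require Network Level Authentication.
# Assumes Windows 8 / Server 2012 or later (NetSecurity and NetTCPIP modules present)
# and an elevated PowerShell session. The switch names below are this example's own.
param(
    [switch]$Disable,     # disable RDP entirely instead of only reporting
    [switch]$RequireNla   # keep RDP on but force Network Level Authentication
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = Join-Path $tsKey 'WinStations\RDP-Tcp'

# 1. Are RDP connections permitted? fDenyTSConnections = 0 means yes.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections

# 2. Is NLA required? UserAuthentication = 1 means clients must authenticate
#    before they ever reach the logon screen.
$nla = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication).UserAuthentication

# 3. Is the built-in "Remote Desktop" inbound firewall rule group enabled?
$fwOpen = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
            Where-Object Enabled -eq 'True').Count -gt 0

# 4. Is anything actually listening on the default RDP port right now?
$listening = @(Get-NetTCPConnection -LocalPort 3389 -State Listen `
               -ErrorAction SilentlyContinue).Count -gt 0

# Report one object per host so results from many machines can be collected and sorted.
$report = [pscustomobject]@{
    Host             = $env:COMPUTERNAME
    RdpAllowed       = ($deny -eq 0)
    NlaRequired      = ($nla -eq 1)
    FirewallRuleOpen = $fwOpen
    ListeningOn3389  = $listening
}
$report | Format-List

if ($Disable) {
    # Deny connections, close the firewall rules, and stop and disable the service so
    # nothing reopens the port until an administrator deliberately re-enables it.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    Stop-Service -Name TermService -Force
    Set-Service  -Name TermService -StartupType Disabled
    Write-Host "RDP disabled on $env:COMPUTERNAME"
}
elseif ($RequireNla -and $deny -eq 0 -and $nla -ne 1) {
    # RDP stays available but unauthenticated clients can no longer reach the logon
    # screen. MFA itself still has to be enforced by your identity provider or gateway.
    Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1
    Write-Warning "NLA was off and has been enabled on $env:COMPUTERNAME"
}
elseif ($deny -eq 0 -and $nla -ne 1) {
    Write-Warning "RDP is enabled without NLA on $env:COMPUTERNAME; rerun with -RequireNla or -Disable"
}
```

Run it without switches first to inventory the fleet, for example `Invoke-Command -ComputerName (Get-Content hosts.txt) -FilePath .\Audit-Rdp.ps1`, and only then apply `-Disable` to hosts that have no business need for RDP. A host that reports `RdpAllowed` false but `ListeningOn3389` true deserves a closer look: something other than the built-in service may be bound to that port.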
Source: The Hartford, "The Evolving Threat of Ransomware," https://www.thehartford.com/resources/business-tips-ransomware-protection. Accessed December 28, 2020.