fbpx

Ransomware — a quick guide to understanding and prevention

Jul 26, 2024 | Cybersecurity

ransomware

What Is Ransomware?

Ransomware is a kind of malicious software that is designed to allow cybercriminals access to a computer system’s data. It enables the attacker to block users from gaining access to that data, whether specific items, or the entire system. The perpetrators then hold the data or system hostage, demanding a ransom to allow you to get your data back.

What is “double extortion”?

It’s becoming increasingly popular for these attackers to use “double extortion” tactics in their attack. First, they demand payment to grant you access to the systems and data you’re locked out of, and second, they demand additional payment to return sensitive information they’ve already stolen. Double extortion also frequently involves the threat to release sensitive information unless payment is made.

•  Mid-sized companies appeared to be in cybercriminals’ crosshairs the most, with 65% stating they’ve been a ransomware victim over the past 12 months.

Delinea | State of Ransomware 2024: Anticipating the Battle and Strengthening Your Defenses | January 2024

How does ransomware get into a computer system?

A frequently used technique is via phishing email. The attacker sends a company employee innocent looking emails that contain malicious links. Once the links are activated, they become a vehicle for the transfer of malware.

Ransomware can also infect a computer system via vulnerabilities in the system’s security such as through unpatched or outdated software.

Many times, after gaining initial access, the cyberattacks use other types of “precursor malware” to spread through the victim’s network. This malware is designed to gain a foothold on a computer system or network and then the ransomware attack is launched at a later date.

•  Ransomware and extortion incidents surged by 67% in 2023

•  93% of external organizations that endured a ransomware attack reported paying a ransom demand

NTT Security Holdings | 2024 Global Threat Intelligence Report | May 2024

What’s the cost of a ransomware attack?

It’s hard to calculate exactly, but ransomware attacks can inflict significant financial and operational damage on a business or on an individual. Among the costs to consider:

  1. The ransom payment itself (which is often in the millions)
  2. Operational downtime
  3. Loss of data
  4. Data recovery time and expense
  5. Loss of business due to inability to serve or sell to customers
  6. Reputational harm, damage to company image, lack of customer trust
  7. Regulatory fines for potential violation of data protection laws

•  Q1 2024 resulted in a nearly 20% increase in reported victims over Q1 2023

•  The number of active ransomware groups more than doubled year-over-year, increasing 55% from 29 distinct groups in Q1 2023 to 45 distinct groups in Q1 2024.

GuidePoint Security | GRIT Q1 2024 Ransomware Report | April 2024

Should you pay the ransom?

FBI policy, along with that of many other government agencies, advises against paying ransoms demanded by cybercriminals. About half of ransomware victims that pay ransom get targeted again since they have demonstrated their willingness to pay when an attack occurs.

Is there a full-proof way to stop ransomware attacks from happening?

There are several ways you can and should put up your best defense against ransomware attacks. It’s important to be as protected as possible and to have a good recovery plan in place in case the enemy breaks through. It’s a common misperception  that if you have protections in place that they are 100% effective. No prevention strategy is 100% ironclad, but not having protection in place is 100% asking for trouble.

•  Average ransom payment has increased 500% in the last year.

•  63% of ransom demands were for $1 million or more, with 30% of demands for over $5 million, suggesting ransomware operators are seeking huge payoffs.

Sophos | The State of Ransomware 2024 | May 2024

What are some tools you can use to protect against ransomware?

  1. Anti-virus/anti-malware software
  2. Firewalls
  3. Data backup/recovery software
  4. Email security software
  5. Endpoint detection/response (EDR) software
  6. Multi-factor authentication (MFA)
  7. Network monitoring

What are some effective ransomware protection strategies?

  1. Invest in cybersecurity consulting, data recovery/restoration, and legal services prior to experiencing an attack. Have service partners at the ready should a ransomware attack occur.
  2. Be sure to keep your software up to date to protect against vulnerabilities that cybercriminals can exploit.
  3. Perform regular and frequent data backups so you have alternative copies to utilize in the case of an attack. Store the backups in a separate location or on cloud servers.
  4. Strictly limit access and user privileges for sensitive data.
  5. Implement strong password policies.
  6. Be “email smart” and careful when it comes to handling attachments and links.
  7. Train employees regarding cyberattacks and how to avoid phishing attempts.
  8. Have a ransomware response plan in place and run simulations.

•  In January, Corvus reported that global ransomware attacks in 2023 set a record high, surpassing 2022 by close to 70%.

Corvus Insurance | 2024 Q1 Ransomware Report | May 2024

What to do if you discover a ransomware attack?

  1. Act quickly. Move to prevent the spread and contain the impact. Time is critical.
  2. Identify the infected device and disconnect it from the network.
  3. Engage an experienced expert to remove the malware and determine the nature of its impact on your network.
  1. Contact your local law enforcement agency or the FBI’s Internet Crime Complaint Center (IC3) to report the attack.
  2. Engage an experienced expert to restore your data.
  3. Contact a cybersecurity professional to review your current infrastructure and determine what measures to take to prevent a future attack.

Find out how to protect your organization from ransomware and other cyberattacks. Contact wedoit.co