It seems like a new story is popping up every day about organizations falling prey to ransomware. Yet unless you are in the IT field, you might be wondering exactly what ransomware is. Ransomware is a malicious type of software used by cybercriminals to encrypt a victim’s computers and network files – sometimes destroying their data. The criminals then hold the data for ransom, forcing the victim to pay to have their systems and data decrypted. Because it’s relatively easy to do – and difficult for law enforcement to track – ransomware is one of the most common cyber threats. It’s also one of the most dangerous and costliest, costing Canadian businesses an estimated $230 million in 2021.
In this blog, we’ll take a closer look at what your organization needs to know about ransomware, and most importantly, how to protect your business.
How Much of a Threat Is Ransomware?
The first widely publicized ransomware attack was in 2013, and unfortunately, the threat has grown exponentially ever since. The Cyber Centre in Canada reported 235 ransomware incidents targeting Canadian organizations between January 1st and November 16th, 2021. What’s worse is that no one is immune – from small family businesses to enterprise corporations. Prime targets as of late have been government agencies and healthcare organizations – particularly those whose antivirus protection is dated or nonexistent.
One reason for this growth is that ransomware is easy to spread via user error on the part of anyone within your organization. Phishing or business email compromise (BEC) schemes, in which fraudulent emails concealing the malware pose as legitimate messages that encourage recipients to click on a link or download a file, are all too easy to execute. Unfortunately, even savvy employees can fall victim to these schemes. Attackers have now moved to social media clickbait as well. Oftentimes, fake accounts will pretend to be friends or colleagues.
Complicating matters is the fact that attacks are becoming increasingly sophisticated. Phishing emails are becoming more difficult to detect. Something as simple as visiting an infected website can potentially corrupt a user’s system, even if the user doesn’t click anything on the page.
On the flip side, IT professionals are also becoming better and more sophisticated at preventing ransomware attacks. Taking advantage of their expertise to prepare your company against the threat of ransomware can significantly lower the odds of your network – and your data – being corrupted.
Just How Bad is Ransomware?
Why is it so important that you avoid ransomware if possible? Once ransomware has encrypted a computer’s files and network drives, the cybercriminal who launched it will demand a ransom in exchange for a decryption key. Despite their best intentions, most victims capitulate and pay the ransom. This is because ransomware can be difficult, if not impossible, for even a professional to crack. Oftentimes, if you want your data back, you must pay.
And those costs can be enormous. On its own, the ransom can run into thousands or even hundreds of thousands of dollars, with some of the more staggering amounts approaching $1 million. Since this doesn’t include the cost of downtime, lost business, bad publicity, and even more intangibles, the real cost of recovery can easily run into the millions.
In one very public case, the attack on global meat producer JBS resulted in a ransom of about $11 million being paid. In another, an unauthorized party gained access to Canada Revenue Agency user credentials. This resulted in 800,000 taxpayers being locked out of their accounts.
What makes these criminals even more difficult to track is that they typically demand their payment in cryptocurrency, which offers substantial anonymity. Since they also work across international borders, jurisdiction issues can make prosecution almost impossible in the rare cases when they are identified. So, how can your organization protect itself against this growing threat?
Preventing Ransomware Attacks
To get the best protection, organizations should take a two-pronged approach that includes both technology and education. Your employees need the right tools, the right information, and the right business processes to deter attacks.
Here are a few critical steps that your organization can take to protect your data. Some you can do on your own, while others are best executed by IT professionals:
- First, ensure that all users of all your accounts (employees, trade partners, and even consumers) use multi-factor authentication or MFA. Since it adds an additional layer of protection, MFA is an essential step to both prevent ransomware and improve your cybersecurity in general.
- Train your employees on how to detect suspicious emails, links, and websites. Human behavior is the leading culprit in spreading malware. It occurs when employees click an email phishing link or social media clickbait. When you educate your staff through training, you can minimize the risk.
- Disable macro scripts on files shared via email. This is an important component of employee training.
- Since threats will sometimes get through the human side, make sure you have technology that you can trust. Install and maintain antivirus/malware protection, especially on email programs. If you are doing this in-house, research the best programs and consider buyer reviews on online retail sites before you make a selection.
- How do you minimize the risk of one infected machine spreading malware throughout your network? One way is maintaining strong firewall protection.
- Criminals often access your system through security gaps. Make certain that all enterprise software is updated with the latest releases and patches. Software firms understand existing threats and continually improve security to combat them.
- One way to prevent damage is to limit access. Administer IT user permission security so employees have access to only the software and functionality required for their jobs.
- As a final safeguard, perform regular external backups and quarantine them from your network as soon as they’re completed. Keep archival history as much as possible. That way, if an attack does happen, you have access to backup data – even if it is slightly dated.
- Finally, create a contingency plan. If you do fall prey to ransomware, you’ll be better prepared to cope if you have plans in place both to continue operations and to speed recovery. Read on to learn more.
Create a Contingency Plan
Regardless of how well you have prepared your business, there’s still a chance that you will be attacked. That’s why our IT experts always recommend creating a contingency plan that will allow you to function in the event that ransomware compromises your business.
First, set up a cryptocurrency wallet. If your organization is hit and you decide to pay the ransom, you’ll be able to pay much more quickly if you already have this in place. This will allow you to get your business back up and running and lose less income to downtime.
Next, you should always notify the FBI if ransomware infects your systems. Unfortunately, the FBI estimates that more than half of all targets don’t report ransomware attacks. Why? Many organizations fear bad publicity, so they want to minimize the circle of entities involved. The reason is that financial and business process recovery is difficult enough without bringing the press and public into the picture.
What you need to remember is that the FBI is the lead federal agency for cybercrime. Since their investigative and technological capabilities are state-of-the-art, no one is better equipped to help you navigate an attack and potentially recover your data. Also, seek out cybersecurity experts to review your systems, find solutions, and better secure your network for the future. We advocate doing this often to prevent an attack, but you also need an experienced team afterward to advise you on how to move forward.
Something you can’t plan for in advance is whether or not to pay the ransom. The FBI suggests that you do not pay. However, most victims pay once they understand the magnitude of their potential loss. Ultimately, the decision is up to your company leadership and will depend on the amount of the ransom, the percent of data and systems impacted, how strong your backups are, and other factors. In many cases, the cost of paying the ransom is far less than the potential loss from operational downtime.
Ransomware Can Happen to Anyone
What you need to understand from an organizational standpoint is that ransomware and cybercrime are increasing, as are the resulting impacts on businesses. Educating your employees and preparing for an attack in advance are the best defenses. Since these threats are real – and cybercriminals are savvy – today’s IT professionals need to be proactive and equip themselves with the tools and the knowledge to keep their companies safe.
Dyrand Systems can help you stay ahead of evolving threats like ransomware while also helping to maximize your IT budget, fulfill your company’s support needs, and scale your network and infrastructure growth based on your business strategy. We follow the Centre for Internet Security cybersecurity best practices, and our cloud services and hosting partner Microsoft complies with SOC2 Type II. We can also lower your TCO by defending your infrastructure assets and websites with processes that address compliance requirements for PCI, GLBA, SOC, CSAE, and other regulations.