With damage costs predicted to reach $20 billion by 2021, ransomware is a major problem for both individuals and organizations.
Ransomware is a kind of malware attack in which hackers lock and encrypt the victim’s data. After blocking access to a computer system or files, they demand a payment to unlock and decrypt the data. Most ransomware is delivered via email, either when the victim clicks a phishing link that redirects to a malicious webpage or downloads a document that contains some sort of malicious software. The payment they demand is usually in bitcoin, making it difficult to trace.
There are thousands of ransomware types, and they are constantly evolving. Some of them, such as WannaCry or the fairly new Sodinokibi, have been more successful than others in spreading and plaguing organizations across the globe.
Main targets of ransomware
According to Cybersecurity Ventures, there will be a ransomware attack on businesses every 11 seconds by 2021. Any kind of business or organization can become a victim, from governmental organizations, law firms, and universities to small businesses. The likelihood of becoming a victim of ransomware depends on many factors: how attractive the organization’s data is to hackers, how vulnerable the organization’s security is, and how quickly it will respond to a ransom demand. For example, hospitals are more likely to pay the ransom quickly, because they need immediate access to their files. On the other hand, small businesses often have weaker security, which makes them a good opportunity for cybercriminals.
The real costs and consequences of ransomware attacks
It is not hard to imagine the catastrophic consequences for organizations unable to retrieve their vital data even for a few days. For instance, in May 2019, hackers digitally seized around 10,000 Baltimore government computers via a ransomware attack, demanding around $100,000 in bitcoin to decrypt the data. As Vox reported, for two weeks city employees were locked out of their email accounts, and citizens of Baltimore were unable to access essential services or pay their water bills, parking tickets, and property taxes.
Unfortunately, the costs of ransomware attacks are not limited to the ransom payout. They also include post-attack damage: destruction or loss of data, lost productivity, restoration and deletion of hostage data and systems, forensic investigation, and much more. In the Baltimore case, the city spent $10 million on recovery efforts.
What makes ransomware attacks particularly tricky to deal with is the difficulty of predicting these costs: is it better to pay the ransom and encourage the hackers to create even more ransomware, or to refuse and pay for restoring the computers and reconstructing the lost data (which can far exceed the cost of the ransom, as we’ve seen in the Baltimore case)? Many companies opt for paying the ransom since the attackers make it cheaper than dealing with the recovery costs. However, paying the ransom does not always mean that the files will be returned. Sometimes the attacker will ask for money again and again, but never release the data.
So, what can be done?
Unfortunately, it is highly unlikely that ransomware attacks will cease anytime soon. In fact, they are only getting more sophisticated and more immune to traditional software-based endpoint protection. Still, some precautionary measures can reduce the risks and deter cybercriminals. One of the most important steps is backing up data regularly. An additional layer of safety is storing all sensitive and confidential data on a cloud server.
Another important step is training the company’s employees on how to recognize and react to cyberattacks and heightening their cybersecurity awareness. Phishing emails are still one of the most common ransomware attack vectors, so team members should know how to spot a suspicious email and what kind of links and attachments not to click on.
Besides this, eliminating dependency on passwords can be a huge step forward in battling cybercrime, including ransomware attacks. Passwords have proven to be an all-too-easy access point for hackers, especially when they are weak or reused across multiple platforms. Passwordless multi-factor authentication solutions provide a hassle-free instant sign-in using only biometrics (such as fingerprint or facial ID) and email to approve authorization. This will not only keep the company safe from credential theft, but also save time and effort for the company’s IT department.
Finally, up-to-date and regularly checked anti-virus software will also lower the risk of ransomware attacks. The software must include anti-virus, anti-malware, and anti-ransomware protection.
So, instead of hoarding cryptocurrency for the worst-case scenario (paying the ransom) and wasting time on password management, implementing these measures can minimize the chances of being ransomware’s next target.