Ransomware made a lot of headlines recently, from a New Jersey school system canceling finals to a 157-year-old college in Illinois closing its doors. Last year, many regions of the U.S. experienced severe gas shortages when a ransomware attack hit the Colonial Pipeline.
In a ransomware attack, cyber criminals first gain access to the targeted network or application, often through phishing or by using stolen credentials. They then encrypt the organization’s data. The cyber criminals hold the data hostage until the organization pays the ransom. Many cybersecurity professionals regard paying the ransom as controversial. Instead, they recommend businesses take measures to get back up and running in other ways.
Ransomware attacks have significantly increased in the past two years, along with their financial impact. According to Sophos’ The State of Ransomware Report 2022, 66% of organizations experienced a ransomware attack in 2021, a 37% increase over 2020. Additionally, the report found that the average ransom payment increased to over $800,000 — five times the amount demanded in 2020. The cost of a ransomware attack is significant for an organization, even if they choose not to pay the ransom. The IBM Cost of a Data Breach Report in 2021 found that an average ransomware attack cost $4.62 million, which is higher than the $4.24 million average cost of a data breach.
When businesses experience a ransomware attack, they suffer losses due to disruption and reputation damage, as well as the financial loss of paying the ransom (if they choose). Because the damages can be so great, businesses should proactively work to prevent ransomware attacks, reduce the damage if they are attacked, and ensure that they can quickly recover from an attack.
Here are five ways businesses can protect themselves and their data against ransomware attacks.
Previously, businesses focused on protecting their physical network and perimeter. However, with the increase of digital processes and remote working, the traditional perimeter no longer exists in most cases. Businesses increasingly move to the zero trust framework to prevent cyber attacks of all kinds, including ransomware. The Microsoft Zero Trust Adoption Report 2021 found that 76% of organizations surveyed are in the process of implementing zero trust.
Zero trust is not a single technology or strategy. Instead, it’s a framework that combines multiple cybersecurity principles and uses various technologies. With zero trust, the system starts by assuming that the device or user requesting access is not authorized. It requires proof of authorization, such as multifactor authentication (MFA).
Zero trust also requires that all users are granted least privileged access, meaning they only have access to the apps and sections of the network required to do their job. When a ransomware attack happens at an organization using least privileged access, the damage can be mitigated because the stolen credentials grant the cyber criminal only limited access. Businesses using zero trust should also use micro-segmentation, which partitions the network into very small sections. If a ransomware attack is launched, micro-segmentation significantly limits the data compromised during the attack because the cyber criminal only has access to the micro-segment.
Cyber criminals can begin a ransomware attack by gaining access to an organization’s critical systems and then taking the data hostage. Making it harder for criminals to gain unauthorized access or use stolen credentials reduces the risk of a ransomware attack. MFA is a part of the zero trust approach and should be prioritized while implementing a zero trust policy, as it can significantly reduce ransomware attacks.
To access an application or network that employs MFA, the user must prove their identity in two different ways, which makes it much more challenging for a cyber criminal to gain access. For example, a business can require both a password and verification through a code sent to the phone number associated with the account. Because the cyber criminal must possess both the phone and the password, MFA reduces the risk of unauthorized access and a subsequent ransomware attack.
Businesses can reduce the impact of an attack by regularly backing up their data. When a company always has access to its most current data, no one has to make the tough decision regarding whether or not to pay a ransom. Businesses can also get back up and functioning after the attack much more quickly. Sophos found that 73% of organizations used backups to restore data encrypted during an attack.
It’s important to store the backup off-site and not connected to the network. If the backup is on the same server as the data, it can be corrupted by the ransomware attack and be useless for recovery. Companies need to test their entire recovery process to work out any issues, so if a ransomware attack occurs, systems can get back to functioning as quickly as possible. In addition to testing the recovery process, organizations need to make sure backups are saved and working properly. Many businesses have been dismayed to learn too late that there was an error in their backup process, which hampered recovery after an attack.
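As an added illustration (not part of the original article) of checking that a backup is still intact before you need it: the script below records a SHA-256 manifest when the backup is taken and later compares the backup set against it, so a copy that was altered or deleted on a network-connected host is caught in a routine check rather than during recovery. The directory layout and file contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def file_sha256(path: Path) -> str:
    """Hash a file in chunks so large backup files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir: Path) -> dict:
    """Record the digest of every file at backup time; keep this manifest off-site too."""
    return {
        p.relative_to(backup_dir).as_posix(): file_sha256(p)
        for p in sorted(backup_dir.rglob("*"))
        if p.is_file()
    }


def verify_backup(backup_dir: Path, manifest: dict) -> dict:
    """Compare the current backup set against its manifest and report problems by category."""
    current = build_manifest(backup_dir)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "unexpected": sorted(set(current) - set(manifest)),
        "modified": sorted(n for n in manifest if n in current and current[n] != manifest[n]),
    }


def demo() -> dict:
    """Constructed scenario: a clean backup, then the same copy altered after the manifest was taken."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "db").mkdir(parents=True)
        (backup / "db" / "orders.sql").write_bytes(b"INSERT INTO orders VALUES (1, 'widget');\n")
        (backup / "payroll.csv").write_bytes(b"id,name,amount\n1,alice,100\n")
        manifest = build_manifest(backup)
        clean = verify_backup(backup, manifest)
        # The failure mode the text warns about: a backup reachable from the network is damaged in place.
        (backup / "payroll.csv").write_bytes(b"\x00" * 32)
        (backup / "db" / "orders.sql").unlink()
        (backup / "payroll.csv.locked").write_bytes(b"placeholder note")
        damaged = verify_backup(backup, manifest)
    return {"clean": clean, "damaged": damaged}
```

Run `verify_backup` against the stored manifest as part of the scheduled recovery test; any non-empty category means the backup cannot be relied on and needs attention before an incident.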
According to the IBM X-Force Threat Intelligence Report, 41% of attacks started with a cyber criminal using phishing to gain access. Unfortunately, it’s very easy for employees to accidentally click on a phishing link or download a malicious file that can launch a ransomware attack. CryptoLocker, one of the most well-known ransomware strains, encrypted data on over 500,000 computers and extorted more than $27 million using phishing emails.
Cyber criminals have perfected the art of creating phishing emails that look authentic, even including corporate logos and creating email addresses similar to those used by the company they mimic. Businesses can protect themselves from these deceptions by using technology that scans incoming emails for potentially malicious links and files. And because cyber criminals create new schemes, it’s crucial to stay up to date on the latest techniques and keep employees informed.
The best prevention starts with educating employees about how to spot potential phishing schemes. Training sessions can show examples of phishing emails and point out signs that indicate they are fraudulent, such as spelling mistakes or an email address that does not match the sender. A clear process for what employees should do if they suspect a malicious email, such as forwarding the email to IT, is extremely helpful. Employees also need to know what to do if they accidentally click on a link or download a file from a phishing email, such as disconnecting the computer from the network and contacting IT immediately.
As many people have become smarter about phishing schemes, cyber criminals have started a new approach — vishing. With vishing, the attack starts with a voice call, which often causes employees to let their guard down. During the call, the cyber criminal tricks the employee into logging in to a phony website that captures their username and password. Then, they use the credentials to access the network and launch a ransomware attack.
In recent years, vishing cases have risen, with the FBI even releasing an official warning. The Proofpoint State of the Phish report found that 69% of organizations faced vishing attacks in 2021. However, only 23% of organizations globally discuss vishing in their employee cybersecurity training.
Because the damages can be so great, businesses should proactively work to prevent ransomware attacks, reduce the harm in the event they are attacked, and ensure that they can quickly recover.