Ransomware is one of the most dangerous forms of cyber attacks around. It can affect organisations of any size and in any industry. For example, the NHS was hit by a WannaCry ransom attack that left the British state health system at a standstill for several days.
Cybersecurity Ventures believes the cost to the global economy of ransomware attacks will rise to $20 billion by the end of 2022. In fact, they predict that there is a ransomware attack on a business or organisation every 11 seconds.
What is ransomware? How would one of these malicious attacks cost your business? Who is behind them? What should you do if you’re hit with a double extortion ransomware attack?
In this article, we’ll answer some key common questions about ransomware and help you protect your organisation from its devastating impact.
Ransomware is a type of cyber attack where malicious software (malware) encrypts an organisation’s files, databases and applications and “holds them ransom” by demanding a large payment to unlock them.
Attackers first need to gain access to your network to install the malware. Many ransomware attacks are viruses or trojans that hide in files downloaded from the internet or arrive as an email attachment.
Less commonly, criminals may target your organisation specifically and may even try to gain access to your physical systems to install the malware onto your network.
A ransomware program will then use asymmetric encryption, which relies on complex mathematical equations, to scramble your data and generate a public-private pair of keys. The private key is the only way to unlock your data.
It may also spread across to other systems or even other organisations if it detects security vulnerabilities in your network. That’s exactly what WannaCry achieved in the NHS.
The criminals will then demand a sum of money in exchange for the private key.
The AIDS Trojan, also known as the PC Cyborg virus, was responsible for the first ransomware attack ever. Back in 1989, biologist Joseph Popp sent 20,000 floppy disks to the attendees of the United Nations AIDS conference.
The program would hide the directories and encrypt the files on the host computer’s main drive. Popp demanded $189 be sent to PC Cyborg Corporation via a PO box in Panama to regain access.
In reality, the AIDS Trojan was pretty straightforward to crack as the encryption methods used weren’t particularly complex. However, that is not the case today, as many encryption schemes are impossible to break without the private key.
If a ransomware virus successfully infects your network, all your critical files and applications will be inaccessible. Even if you don’t pay the high ransom fees, the cost of recovering data and fixing system damage is particularly dear.
According to Sophos, the average cost of a ransomware attack on a UK business stands at an eye-watering $1.96 million (£1.7 million).
For small and medium businesses (SMBs) that aren’t prepared to defend against an attack of this scale, a ransomware attack could be too costly to come back from. In fact, almost 60% of SMBs go out of business within six months of a cyber attack.
Unlike other forms of cyber attacks, many ransomware attacks are carried out by organised groups known as ransomware gangs. There is a fair bit of infrastructure needed to facilitate these attacks – from distributing malware to accepting payment and sending private keys.
Cybercriminals join these organisations to attack bigger targets and raise more ransom funds than they would be able to individually.
For example, Hive is one of the most notorious ransomware gangs in operation. They pooled their resources to hit high-profile targets such as the Costa Rican Social Security Fund and even the Ohio Memorial Health System.
The unfortunate truth is that any business, of any size, can be targeted for a ransomware attack. However, criminals do tend to focus their efforts on key industries.
Trellix found that the most commonly targeted industry is banking & finance (22%). This is followed by:
These businesses are particularly lucrative as they are critical infrastructure, and so a loss of productivity and data in these fields is particularly catastrophic.
However, firms in any industry should be protecting themselves from ransomware attacks.
A double extortion ransomware attack is where a criminal steals and exfiltrates a victim’s data as well as encrypting it. This gives the attacker more leverage when demanding a ransom.
The idea here is to find sensitive data that would be costly to leak. For personal attacks, this could be information that might embarrass or harm the reputation of the victim.
For businesses, this data could be trade secrets, customer data, information about employees etc. Attackers can also sell this stolen information to third parties or publish it on dark web forums.
Security organisations such as the NCSC and the FBI warn strongly against paying a ransom. Why? There’s no guarantee that your attacker will unlock your files if you pay the ransom fee.
The attacker may even ask for more money if they feel your organisation will pay up. These ransom sums may even fund other criminal activities such as targeting other firms or funding other aspects of organised crime.
You should instead invest in protecting your critical infrastructure from cyber-attacks and be prepared.
Here are some important steps to follow to avoid a ransomware attack and mitigate the impacts of a successful infection:
It’s important to have a detailed response and continuity strategy to avoid costly loss of data and productivity. What actions and first response are needed when an attack happens? How will your security team remove the virus from your network? What is the process for restoring files from off-site backups? Who’s responsible for actioning this strategy?
As soon as you detect a ransomware attack, you should:
If you’re unprepared, ransomware attacks can be one of the most costly forms of cyber crime for businesses of any size. However, if you’ve taken the necessary precautions, responding to these attacks can be far easier and less costly.
To achieve this, you’ll need to have a smart and adaptable cyber security strategy. Need some help configuring backups and finding storage solutions? Want to configure a watertight antivirus and email filter? Need assistance in responding to a cyber attack quickly?
Get in touch with our experts today to find out how we can help!