What is Ransomware?
Ransomware is a type of cyber-attack where malware encrypts an organisations system. The cybercriminal will then hole them ransom and ask for a large sum of money to retrieve their data. An attacker will use an asymmetric encryption to scramble your data meaning that you will not be able to access your data without knowing the complex mathematical equation that the hacker has enforced. The malware can also spread across to other systems or even other organisations if it detects security vulnerabilities in your network.
Who is most likely to be a victim of a ransomware attack?
Trellix found that the most common industry targeted is banking & finance (22%). This is followed by:
Although the industry’s above are the most heavily targeted, ransomware gangs will attack any business that holds any lucrative data, so all businesses should protect themselves.
The average cost of a ransomware attack
SMB’s that are reluctant to invest in security to defend them from potential ransomware attacks and other cyberthreats could be their own worst enemies. The average cost of a ransomware attack on a UK business stands at an eye-watering $1.96 million (£1.7 million), According to Sophos.
Who carries out ransomware attacks?
Most ransomware attacks are carried out by ransomware gangs. These attacks take planning and there is a methodical process that these ransomware gangs will go through in order to be successful when attacking a business. Cybercriminals join these organisations to attack bigger targets and raise more ransom funds than they would be able to individually. Hive is one of the most famous ransomware gangs and they are still in operation.
Double extortion ransomware
A double extortion ransomware attack is where an attacker steals and exfiltrates a victim’s data alongside encrypting it. This gives the attack some more leverage to demand a successful ransom sum. The point of this attack is to gain access to personal data that may be private or embarrassing and use that to retrieve larger ransom fees. For businesses, this could be corporate secrets or client data.
How to prevent a ransomware attack?
Below ae some key steps to follow to mitigate the risk of falling victim to a ransomware attack:
- Back up your data – the simplest way to recover lost data is from a backup solution. It is important that your backup location is not connected to your network as this may be encrypted post ransomware attack.
- Keep multiple backups of important data – you should never rely on one backup. The easiest and most effective way to have numerous backups is in the cloud.
- Install antivirus software and implement new security features – You should use security tools to fill holes in your IT infrastructure. Implementation of security products like Sentinel One and Datto SaaS protection can help to strengthen your security posture.
- Employee education – cybercriminals use social engineering to spot weaknesses in a business’s workforce. Frequent cybersecurity training will help your employees spot and report suspicious activity.
Should I pay ransom?
Many security organisations have the mindset of why pay a ransom fee, there is no grantee that the cybercriminal give you your data back afterwards. The attacker could even ask for more money once you have paid the first ransom fee. Also, the ransom fees could fund other criminal activity and organised cybercrime. Instead of maybe having to pay a ransom fee, businesses should invest in enhancing its security posture to mitigate the risk of cyberattacks.
What should I do if I’m a victim of a ransomware attack?
As soon as you detect a ransomware attack, you should:
- Immediately disconnect the infected systems.
- Shut down network connections.
- Reset any passwords
- You should verify the ransomware virus is removed from your network before restoring data from a backup.
- Run an antivirus to check the security health of your network. Run antivirus scans on network traffic to see if any infections remain.