Payment demands for ransomware have skyrocketed into tens of millions of dollars, which no one can dispute is a new high. There are a wide variety of causes behind this. Some are simple, such as threats presented by pandemic-weary organizations and employees logging in from insecure home networks; others are more complicated, such as the ever-increasing interconnectedness fueled by progressing digitalization.
According to Cybersecurity Ventures’ projections, businesses would spend $265 billion on ransomware in 2031. Security risks against ICS and OT more than quadrupled in 2020, while supply-chain assaults increased by 42% in the first quarter of 2021 in the United States, impacting up to 7 million people.
Looking at the big picture, the true impact of a ransomware assault on a business might be difficult to comprehend. Here are some concrete examples of expenses to help put the total into context: After shutting down, Colonial Pipeline paid a reported $4.4 million ransom, while global meat giant JBS paid $11.0 million, and global insurance firm CNA Financial reportedly paid $40.0 million. In addition, up to 2,000 businesses worldwide were placed in jeopardy because of a ransomware assault on US software supplier Kaseya that aimed to encrypt the company’s remote computer management tool. However, these estimates need to account for the opportunity costs of having executives and specialized teams divert time and energy away from their day-to-day jobs for weeks or months to deal with an attack and its aftermath or the lost income that occurs.
Low-cost ransomware-as-a-service (RaaS) operations have propelled this cyber threat out of the executive suite and into the spheres of responsibility of boards of directors, regulators, law enforcement, industry groups, insurers, and the cybersecurity vendor community.
Companies must stay resilient by concentrating on ransomware prevention, preparedness, response, and recovery methods as governments, law enforcement, and regulators battle ransomware concerns, including transparency and supervision of cryptocurrencies. Whether or not a company pays a ransom depends on its degree of cyber maturity, which may be increased by implementing the four techniques above. This will create a resilient environment where assaults will still occur but have less effect.
Prevention
Having a secure workplace requires awareness of the tools, the data, and the people they exchange information with and constant vigilance. Being alert is essential. To achieve this goal, an organization’s leadership at all levels must be on the same page and commit to treating security as an ongoing process that involves a delicate balancing act between technology and human factors.
Coveware’s ransomware statistics for the fourth quarter of 2020 and the first quarter of 2021 show that 75 percent of ransomware breaches start with a phishing email or a Remote Desktop Protocol (RDP) penetration, so businesses must strike a careful balance between the two to protect themselves. Further, Verizon’s 2021 Data Breach Investigations Report indicates that malware is deployed directly or via desktop-sharing applications in 60% of ransomware occurrences (DBIR).
Preparation
In the event of an assault, a core team that has spent time preparing for it (including top executives) will be in a far stronger position to react than one that must do it on the fly. It is in the company’s best interest to develop a strategy for business continuity and to put it into practice via various exercises.
Response
Time is of the essence during a ransomware assault. Thus communication and cooperation are essential. When a ransomware assault is detected, a company shouldn’t divide up the problems it faces. A company’s chief information security officer is responsible for maintaining open communication and working relationships with the company’s board, C-suite, impacted business units, compliance and risk, legal, and crisis communications, teams.
Recovery
Regardless of the circumstances, cleaning up after a ransomware attack may be complicated. Even if you pay for a decryption key and it works, you’ll still have to make a lot of effort to bring everything back to normal since the attackers disabled services and databases that weren’t built to be shut down so abruptly. Restoring networks from backups takes time if payment is delayed.
Indeed, Coveware research found that a firm’s average downtime after a ransomware attack was 21 days. According to the National Security Institute, the average ransom demand rose from $6,000 in 2018 to $210,000 in 2020. However, consider that factors such as the size of the firm, its annual income, its industry, and its significance will all affect the amount of money demanded as a ransom.
Verify. Ransomware attacks are a business for the perpetrators, who value their reputations highly. However, keep in mind that you are working with criminals, and as the deadline for paying the ransom approaches, the organization will want additional assurance that the attackers possess the data they claim they have. Demand a sample before you commit.
Determine the points of contention. In most cases, forensics teams can locate or activate the decryption key for major, well-established organizations. Whether or not a corporation pays a ransom relies on the value of the information at stake and the cost of protecting it from loss or disclosure.
Don’t be fooled; ransomware is disgusting. However, businesses may recover from assaults without paying a hefty ransom if they adopt preventive, preparation, reaction, and recovery tactics. The best method to keep the business operating is to communicate, prepare in advance, and recognize the risks involved.
