Ransomware is a type of malware used against organizations to seek monetary gain in exchange for regaining access and control over their systems and data. Traditionally, ransomware spreads throughout a network, encrypting files and servers, locking out users from accessing their machines and accounts.
Here we recap several facts that have fueled the recent rise in ransomware attacks, with some insights into prevention and reaction.
- Many people will not like it, but Bitcoin is the key factor in the rise in ransomware attacks. The lack of oversight by any governing body, coupled with anonymity, makes it the ideal currency for ransomware demands and explains why they are so successful. The danger of the malware relies on this rather than on its technical complexity per se. Ironically, this seems to be out of the scope of IT.
- The evolution of ransomware-as-a-service (RaaS) has also played a significant role in the proliferation of attacks. RaaS has moved the execution of a ransomware attack from "professional" to "script-kiddie."
- Another reason that ransomware continues to proliferate is that users have not been properly trained or made aware of the dangers of opening malicious email attachments, which is the main vector that has been used to propagate the menace.
- A new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021. (Source: Cyber Security Ventures)
- Ransomware generates over $25 million in revenue for hackers each year. (Source: Business Insider)
- The healthcare industry has historically been low-hanging fruit for this malware. 2020 and 2021 were the annus mirabilis for them, because of Covid and the potential scams which ended in huge ransomware attacks.
- The average downtime due to ransomware is 21 days, and it takes organizations 287 days, on average, to fully recover from an attack.
- The golden rule is to never pay the ransom. There is no guarantee that the malicious actors will not vanish with the amount, leaving the data still locked. Besides, despite paying the ransom, one can face yet another attack at any time.
- The most effective deterrent to ransomware is to back up your system regularly and then verify the backups. These backups should be stored on a separate system that cannot be accessed from a network, and updated regularly, to ensure that a system can be effectively restored after an attack.
- The rise of mobile ransomware is staggering. Users may not realize that their handheld electronics are the next battlefield for domination of their personal information. In an increasingly mobile work environment, all businesses and their employees must be extra vigilant.
Other effective mitigation strategies include the following steps.
- Educate employees. Like other malware, ransomware often infects a system through email attachments, downloads, and web browsing.
- Restrict code execution. If ransomware is designed to execute from temporary and data folders, but it cannot access these folders due to access control, that could be a successful roadblock to data encryption.
- Restrict administrative and system access.
- Notify authorities. Consider informing authorities so they can help with the investigation. While law enforcement can assist with an investigation, involving them also increases the risk that data may never be recovered. Ransom payments tend to go up the more time passes before the payment is made.