An ominous splash screen, missing files and, naturally, a ransom note demanding payment: the calling card of a particularly vicious strain of cyberattack known as ransomware.
Aptly named, ransomware is a type of malware that aims to encrypt files on your device or network. The cybercriminals then demand payment—usually in the form of bitcoin, which accounts for 98% of all ransomware payments—in exchange for decryption codes that unlock your sensitive files.
Several high-profile cases in the last few years have exposed the true menace of ransomware, including the 2017 WannaCry virus that ensnared more than 200,000 computers in 150 different countries before researchers discovered a kill switch embedded in its code.
Traditionally, ransomware operators have taken an industry-specific approach to targeting, zeroing in on organizations that hold large quantities of sensitive data, such as health care and government entities. However, this trend is evolving, and other industries may now find themselves in the crosshairs of the next ransomware attack.
“Every business that depends on computers is at risk for ransomware. Industries that historically faced less criminal pressure, such as manufacturing, are now equally at risk,” said Jeff Stull, Founder and CEO of Risk Analytics.
The Rise of RaaS
You may know SaaS (software as a service) as a newly popular business model for tech companies. But as threats have become increasingly sophisticated, cyber actors are applying the same delivery method to ransomware. RaaS (ransomware as a service) is making it easy for inexperienced hackers to break into the cybercrime ring without so much as writing a line of code.
Within clandestine sectors of the internet are forums flooded with ransomware offerings, effectively making ransomware the “gateway drug” of cybercrime. RaaS is projected to continue its upward trend for 2020, with more and more forums taking advantage of aspiring hackers.
Aside from hacker-on-hacker crime, RaaS gives rise to an unsettling reality that anyone from your next-door neighbor to your hairdresser could be moonlighting as a cybercriminal. What’s more, as these threats continue to evolve, some popular security measures become less effective as criminals learn to circumvent them.
When it comes to firewalls and VPNs, “Neither of these provide meaningful security against today’s threats,” said Stull. “As the sophistication and cost of ransomware continues to climb, these modern threats will require modern solutions.”
The Cost of Ransomware
A study from the Ponemon Institute cited a general uptick in the average annualized cost of cybercrime across all industries. Topping the list were financial services, utilities and energy, and aerospace and defense, revealing the broad reach of cybercrime.
Indeed, an article from Forbes corroborates the findings, revealing a disturbing trend of sky-high ransomware recovery costs. The last quarter of 2019 saw costs more than double, averaging over $84,000 per incident. Tangible costs of a ransomware attack include compromised devices, forced downtime from interrupted business, enlisting security teams and, in some cases, even paying the attackers’ ransom. Couple that with the intangible damage to your organization’s reputation and your peace of mind, and ransomware levies a heavy tax on its victims.
The first six months of 2020 saw organizations spend more than $144 million in response to ransomware, a figure that only includes the 11 biggest attacks of the year thus far. In June, the University of California San Francisco paid more than $1.14 million to hackers who targeted the university’s School of Medicine.
Closer to home, Kansas City-based Garmin also paid a multimillion-dollar sum at the end of July after an attack shut down some of the company’s operations for several days.
This landscape paints a grim picture for cybersecurity operations, creating the ever-looming question of what to do “when” rather than “if” an attack happens. While there’s no cure-all when it comes to this “cyber pandemic”, there are strategies your organization can employ to reduce your risk of infection:
1. Your best defense is a good offense.
As threats become increasingly sophisticated, they can more easily side-step your cybersecurity measures and pass through your network’s defenses, remaining undetected until it is too late.
“Once a machine is encrypted and you are held ransom to get the decryption key from the cybercriminals, unless you have a current backup for the system you are already in trouble,” Stull said.
Therefore, it stands to reason that your network’s best defense is a good offense. That means employing security tactics that are proactive rather than reactive, such as integrating weaponized threat intelligence that helps block the black-hatted bad guys before they ever touch your network.
2. Promptly patch your software.
Part of any good cyber hygiene routine is maintaining up-to-date software. Continuously updating your software to the current version helps mitigate zero-day threats from vulnerabilities in networks. A recent flaw discovered in all versions of Microsoft’s Windows is being exploited by opportunistic hackers who unleash malware on unsuspecting users, including ransomware. A patch for this vulnerability was released in April, but the incident underscores the importance of patching software as soon as possible.
3. Train your staff on cybersecurity.
No matter how robust your security measures are, it can be difficult to account for human error. When it comes down to it, your security is still vulnerable to an unsuspecting staff member clicking on a malicious email or link. Training your staff to spot suspicious links is necessary to reduce the risk of error-related attacks on your network. Furthermore, the quicker an employee can identify the signs of an infected device, the quicker it can be quarantined to prevent a virus from spreading to the rest of your network.
Even with comprehensive training, the risk of a phishing scam making its way through a firewall or an errant click from an employee remains. Additional layers in your security can not only filter the number of malicious attempts on your network, but block them altogether—even after they flout your firewall. Proactive threat intelligence, such as ShadowNet, provides actionable data that can locally shun a threat, subverting it before it’s too late.
4. Back it up.
In the worst-case scenario, a piece of ransomware has found its way through your defenses and encrypted your files, jeopardizing your company’s sensitive data.
“If you don’t have a restorable backup you have two options,” Stull said. “Reimage the machine or pay the ransom. In this case, having a corporate cyberinsurance policy may help mitigate the financial impact.”
Continuously backing up data can protect your company from paying for recovery services or even the hackers’ ransom. Keeping a copy of your data off-site will not only prevent ransomware from crippling your system but give you some peace of mind in the event of a threat.
Ransomware will continue to be a threat
Ransomware evolved into a billion-dollar industry seemingly overnight. Attacks that were once considered a nuisance are now high-profile data breaches and extortion, carried out by organized cybercriminal groups around the world. With RaaS offerings available to unskilled, wannabe hackers, the looming shadow of ransomware is not leaving anytime soon. While it will remain a pervasive threat, implementing these strategies and utilizing top-of-the-line security technology will be your best safeguard against hackers.
To learn more about RiskAnalytics’ global threat intel, ShadowNet, reach out to us today for a free trial at firstname.lastname@example.org.