Ransomware - A Real Danger
Be knowledgeable and prepared
Protect Your Business
Ransomware (definition): An online attack perpetrated by cybercriminals who demand ransom to release hold on encrypted or stolen data. In the past decade, attacks that fall under the ‘ransomware’ umbrella have evolved from a consumer-level nuisance of fake antivirus products, to sophisticated malware with advanced encryption capabilities that now primarily target public and private sector organizations. And while threat intelligence can help uncover which organizations may be considered primary targets at any given time, no single industry, geography or size of business is immune. As the footprint of ransomware keeps evolving, so too does the amount of ransom demanded to release data. Ransom amounts that used to total double digits have grown to seven and eight figure numbers. In even more extreme cases, attackers demand victimized companies pay as much as $40M to $80M U.S. to have data released back to their control.
Ransomware has evolved along a third axis, as well: the extortion-like business model threat actors use to force payment from victims. If victims fail to pay within the allotted time, criminals escalate the attack and threaten to release confidential data publicly, or even auction it to the highest bidder on the dark web. And in yet another evolutionary twist, ransomware is now sometimes blended with destructive attacks, ultimately aimed at destroying and disrupting operations despite claims to return the data once the ransom is paid. Ransomware is one of cybercrime’s strongest business models today, pushing aside long held staples like banking Trojans, phishing, DDoS, and cryptojacking. Ransomware has crippled organizations across the globe carrying with it cumulative price tag well into the billions of dollars. In an even darker twist, ransomware has even begun reaping a toll on human life itsel
The urgency of informed response
When a ransomware attack is discovered, every second counts. Uninterrupted, time is the ally of the attacker. As time passes, more data and files are encrypted, more devices are infected, ultimately driving up both cost an damage. Immediate—yet methodical and informed—action must be taken.
Alerting IT security teams and allowing them to launch the incident response process that they have prepared to combat ransomware should be a first step. If you have a retainer contract with a third party provider it is advisable to engage them as well. Other parties to consider contacting are federal law enforcement and regulators, depending on the local requirements for the geographies in which your company operates.
Ransomware attacks in 2021
Increase in attacks in the past year
Attacks per customer
Depending on the results of your root cause analysis, if the attack was made possible by vulnerable systems, those will have to be patched to prevent them from being re-exploited in the future.
Ultimately, some organizations feel compelled to make a decision about whether or not to pay a ransom. Factors that may force this decision more rapidly include a need to resume operations as quickly as possible, or to regain access to important files that cannot be recovered by other methods.