Ransomware is a kind of malware used by cyber criminals to prevent users from accessing their systems or files; cybercriminals then threaten to disclose, destroy, or withhold sensitive information unless a ransom is paid.

Ransomware attacks can target either data held on computer systems (known as locker ransomware) or devices (crypto-ransomware). In either case, once the ransom is paid, hackers usually provide victims with a decryption key or tool to unlock their data or device, although this is not guaranteed.

Oliver Pinson-Roxburgh, CEO of Defence.comthe all-in-one cybersecurity platform, shares in this article its knowledge and advice on how ransomware works, what damage it does, and how your business can mitigate ransomware attacks.

What does a ransomware attack include?

There are three key elements in a ransomware attack:

To access

In order to deploy malware to encrypt files and gain control, cybercriminals must first gain access to an organization’s systems.

Trigger

Attackers have control of the data as soon as the malware is activated. The data is encrypted and is no longer accessible by the targeted organization.

Request

Victims will receive an alert that their data is encrypted and inaccessible until a ransom is paid.

A big deal for cybercriminals

The motivations of cybercriminals who deploy malware can vary, but the end goal is usually financial gain.

What is the cost of being targeted by ransomware?

The average payout for ransomware attacks increased from $312,000/£260,000 in 2020 to $570,000/£476,000 in 2021, an increase of 83%. A report also showed that 66% of organizations surveyed fell victim to ransomware attacks in 2021, nearly double that of 2020 (37%). This underscores the need for businesses to understand risk and build stronger defenses against threats.

Ransomware continues to be among the most common cyberattacks in 2022, due to its lucrative nature and the relatively low level of effort required from perpetrators. This debilitating attack causes an average downtime of 3 weeks and can have major repercussions for an organization, its finances, operations and reputation.

Because there is no guarantee that cybercriminals will leak any data after paying a ransom, it is crucial to protect your data and keep offline backups of your files. It is also very important to proactively monitor and protect entry points that a hacker can exploit, to reduce the possibility of being targeted in the first place.

Who is at risk of ransomware?

In the past, cybercriminals usually targeted high-profile organizations, large corporations, and government agencies with ransomware. This is known as “big game hunting” and assumes that these companies are much more likely to pay higher ransoms and avoid unwanted media and public scrutiny. Some organizations, such as hospitals, are higher value targets because they are much more likely to pay a ransom and do so quickly because they urgently need access to important data.

However, ransomware groups are now focusing on small businesses, in response to increased pressure from law enforcement cracking down on well-known ransomware groups such as REvil and Conti. Small businesses are seen as easy targets that may lack effective cybersecurity defenses to prevent a ransomware attack, making it easier for them to penetrate and exploit.

Ultimately, threat actors are opportunists and will view most organizations as targets, regardless of size. If a cybercriminal notices a vulnerability, the company is fair game.

How is ransomware deployed?

Phishing attacks

The most common method of distributing ransomware is a phishing attack. Phishing is a form of social engineering and an effective method of attack because it relies on deception and creates a sense of urgency. Threat actors trick employees into opening suspicious attachments in emails and this is often achieved by impersonating higher-level employees or other trusted authority figures.

Malicious advertising

Malicious advertising is another tactic used by cybercriminals to deploy ransomware, where advertising space is purchased and infected with malware which is then displayed on trusted and legitimate websites. After clicking on the ad, or even in some cases when a user goes to a website that hosts malware, that device is infected with malware that scans the device for vulnerabilities to exploit.

Exploitation of vulnerable systems

Ransomware can also be deployed by exploiting unpatched and outdated systems, as was the case in 2017, when a security vulnerability in Microsoft Windows, EternalBlue (MS17-010), led to the global WannaCry ransomware attack. which has spread to more than 150 countries.

It was the biggest cyberattack to hit the NHS: it cost £92million in damage, plus additional IT support costs to restore the data and systems affected by the attack, and it had a direct impact on patient care through canceled appointments.

Four key ways to defend your business against ransomware

It is essential for businesses to be aware of how a ransomware attack can affect their organization and how they can prevent cybercriminals from breaching their systems and holding sensitive data for ransom. Up to 61% of organizations with security teams of 11-25 employees are most concerned about ransomware attacks.

The NHS could have avoided being hit by the WannaCry ransomware attack in 2017 by heeding warnings and moving away from outdated software, ensuring that strategies were in place to strengthen their security posture.

It’s critical that your business takes a proactive approach to cybersecurity by implementing the right tools to help monitor, detect, and mitigate suspicious activity on your network and infrastructure. This will reduce the number and impact of data breaches and cyberattacks.

Defence.com recommend these four fundamental tactics to help prevent ransomware attacks and stay ahead of hackers:

1 — Training

Cybersecurity awareness training is essential for businesses of all sizes, as it helps employees spot potentially malicious emails or activity.

Social engineering tactics, such as phishing and tailgating, are common and effective due to human error and employees failing to detect risks. It is essential that employees be alert to emails containing suspicious links or containing unusual requests to share personal data, often sent by someone posing as a senior manager.

Security training also encourages employees to interview visitors to your offices to prevent ransomware attacks through physical intrusion.

Implementing cybersecurity awareness training will help your company educate and regularly assess your employees on fundamental security practices, creating a culture of security to reduce the risk of data breaches and security incidents. security.

2 — Phishing Simulators

These simulation tools support your security awareness training by sending fake but realistic phishing emails to employees. Understanding how likely your staff is to fall for the tactics of a real cybercriminal allows you to address gaps in their training.

When you combine phishing simulators with security training, your organization can reduce the risk of falling victim to a ransomware attack. The combination of training and testing puts you in a better position to prevent clever attempts by cybercriminals to infiltrate your computer systems and plant malware.

3 — Threat monitoring

You can make your business a lesser target for cybercriminals by actively monitoring potential threats. Threat Intelligence is a threat monitoring tool that gathers data from various sources, such as penetration tests and vulnerability scans, and uses this information to help you defend against potential malware and ransomware attacks . This overview of your threat landscape shows the areas most at risk of a cyberattack or data breach.

Being proactive allows you to stay one step ahead of hackers and by introducing threat monitoring tools to your organization, you ensure that any suspicious behavior is caught early to be corrected.

4 — Endpoint Protection

Endpoint protection is essential to understand which of your assets are vulnerable, to help protect them and fend off attacks from malware like ransomware. More than just traditional antivirus software, Endpoint Protection offers advanced security features that protect your network and the devices on it from threats like malware and phishing campaigns.

Anti-ransomware features should be included in endpoint protection so that it can effectively prevent attacks by monitoring suspicious behavior such as file modifications and file encryption. The ability to isolate or quarantine all affected devices can also be a very useful feature to stop the spread of malware.

In summary

While ransomware groups are constantly looking for vulnerabilities to exploit, it’s important for organizations to develop strong strategies to prevent ransomware threats: ensure your staff undergo regular security awareness training, set up tools threat monitoring to detect and alert you to vulnerabilities, and implement endpoint protection to protect your devices on your network.

Following the guidelines above will increase your chances of protecting your business from ransomware attacks that could cost your organization a substantial amount of money and damage its reputation.

Defense.com believes that world-class cyber protection should be available to all businesses, regardless of size. For more information, visit Defence.com.

To note – This article is written and contributed by Oliver Pinson-Roxburgh, CEO of Defense.com.