Have you ever put a price on your organization’s data? Some hacker out there is probably prepping right now to help you with that. They’ll gladly hold onto your data until you nail down exactly how much you’re willing to pay to get it back.
Ransomware, if you’re new to the term, works just like it sounds. A cybercriminal gains access to your system, encrypts the data so that you can no longer use it and then demands a payment (typically paid in Bitcoin) to let you back into your own data. If you’re attacked by a less sophisticated hacker, however, the decryption key or tool you receive after paying may not even work, leaving your data unusable.
The first big wave in 2015 went after consumer devices and small ransom payments, but attacks on businesses have surged in the last year. Some experts are reporting jumps of 70+% in ransomware attacks this year as millions of workers have begun working remotely. Some recent estimates say that hackers target 90% of financial institutions every year.
The Price of Your Data
Clear ransomware stats are hard to come by since businesses understandably get shy about telling the world that they’ve been victimized. Experts have pegged the average payment at anywhere from $5,900 to $41,000. The highest ransoms, however, surpass seven figures. In June 2020, for example, the University of California-San Francisco announced that it had paid $1.14 million (116.4 Bitcoin) to regain access to its data. (You can see the negotiations between the university and the hacker here.)
For victims, the total tab includes far more than the ransom. A 2017 attack forced shipping giant Maersk to close 17 ports, costing the company more than $200 million. Some companies refuse to negotiate and try to retrieve data through other means, which could get costly if your data wasn’t properly and securely backed up.
A business with little tolerance for downtime and no backup system will be especially likely to pay up. A medical facility that can’t access its patient records or scheduling system, for example, is effectively shut down. And damage to a brand can be a deciding factor. A law firm that loses control of its sensitive data may never regain clients’ trust.
All this shows why paying the ransom frequently feels like the least bad choice—and why industry observers call ransomware “the cybercrime of choice” and “your biggest online security nightmare.”
A Crime That’s All Grown Up
The ransomware scene has developed all the underworld trappings of a drug cartel or weapons bazaar. Bad actors can visit online marketplaces to bid on access to hacked computers. Or they can hire an RaaS (ransomware as a service) mercenary to do the dirty work for a cut of the ransom. A few ransomware providers even have well-run call centers to ensure that decryption goes smoothly after the payment. No respectable criminal, after all, can afford for victims to tell future targets that paying the ransom is pointless for retrieving data.
And like all innovators, cybercriminals keep creating new products. Some hackers pursue a “leakware” strategy, declaring that if you don’t pay the ransom, they’ll share your proprietary files with the world. So much for your data backup saving the day.
How to Lock Your Gates
Data kidnappers typically use phishing schemes to trick a user into clicking a malicious file that lets hackers into the system. Organizations with many dispersed users are especially tempting. In other words, nearly every company became a fatter target in 2020 as employees began working at home in large numbers. Other attacks skip the well-meaning end user and simply exploit known security holes.
Once the hackers enter the system, they may spend several days snooping around your files to determine exactly how to hurt you the most. They may also start monitoring communications among key employees—all in the interest of assembling a ransom offer you can’t refuse. With an airtight plan, they encrypt your data and announce the attack tailored just for you.
Obviously, hackers are bringing serious tools to this heist. So let’s consider some best practices for keeping both your data and your money where they belong:
- Use appropriate backup strategies for necessary systems and information. Define and regularly review Recovery Point Objectives and Recovery Time Objectives and test backups regularly.
- Enable real-time security monitoring and data loss prevention policies to identify intrusion attempts and validate that data has not been compromised.
- Install up-to-date, next-generation antivirus/EDR (endpoint detection and response) software on every device. EDR tools watch behavior, not just file signatures, so they can detect and block malware that only tips its hand after it has entered your system and starts to execute.
- Ensure your IT team (or an info security partner) properly configures the antivirus software—a frequently overlooked step.
- Keep operating systems current with all available patches.
- Educate employees to lower the risk of phishing schemes.
- Limit users’ access to only the most necessary files, limiting how far an intruder can get with any given person’s credentials.
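The “real-time security monitoring” bullet above is easier to picture with a concrete rule set. The following is an added example, not Pratum’s tooling or any product’s detection logic. It assumes a hypothetical file-event feed in JSON-lines form (fields `ts`, `proc`, `op`, and `path` or `src`/`dst`) such as an EDR or file-integrity agent might emit, and it looks for two behaviors that match the attack flow described earlier: one process renaming many files to a new extension in a short burst, and the same process dropping a ransom-note-style file into many directories. The sample log is constructed for the example.

```python
"""Ransomware-style file activity detection over a constructed file-event log.

Added example (hypothetical event format, not any vendor's schema). Each event is
one JSON object per line with: ts (seconds), proc, op ("write"/"create"/"rename"),
and either "path" or, for renames, "src" and "dst". Paths use "/" separators.
"""
import json
from collections import Counter, defaultdict

WINDOW_SECONDS = 60        # burst window for extension-changing renames
RENAME_THRESHOLD = 5       # renames by one process inside the window that trip an alert
NOTE_DIR_THRESHOLD = 3     # same note-like filename dropped in this many directories
NOTE_KEYWORDS = ("readme", "decrypt", "recover", "how_to")  # tune for your environment

# Constructed sample events: normal editing and cleanup plus one encrypting process.
SAMPLE_LOG = """\
{"ts": 100, "proc": "winword.exe", "op": "write", "path": "C:/Users/jdoe/Docs/q3.docx"}
{"ts": 101, "proc": "winword.exe", "op": "rename", "src": "C:/Users/jdoe/Docs/~tmp.docx", "dst": "C:/Users/jdoe/Docs/q3.docx"}
{"ts": 300, "proc": "enc_tool.exe", "op": "rename", "src": "C:/Users/jdoe/Docs/q3.docx", "dst": "C:/Users/jdoe/Docs/q3.docx.locked"}
{"ts": 301, "proc": "enc_tool.exe", "op": "rename", "src": "C:/Users/jdoe/Docs/budget.xlsx", "dst": "C:/Users/jdoe/Docs/budget.xlsx.locked"}
{"ts": 302, "proc": "enc_tool.exe", "op": "rename", "src": "C:/Users/jdoe/Docs/notes.txt", "dst": "C:/Users/jdoe/Docs/notes.txt.locked"}
{"ts": 303, "proc": "enc_tool.exe", "op": "create", "path": "C:/Users/jdoe/Docs/README_DECRYPT.txt"}
{"ts": 304, "proc": "enc_tool.exe", "op": "rename", "src": "C:/Users/jdoe/Pictures/a.jpg", "dst": "C:/Users/jdoe/Pictures/a.jpg.locked"}
{"ts": 305, "proc": "enc_tool.exe", "op": "rename", "src": "C:/Users/jdoe/Pictures/b.jpg", "dst": "C:/Users/jdoe/Pictures/b.jpg.locked"}
{"ts": 306, "proc": "enc_tool.exe", "op": "create", "path": "C:/Users/jdoe/Pictures/README_DECRYPT.txt"}
{"ts": 307, "proc": "enc_tool.exe", "op": "rename", "src": "S:/Shared/Finance/ledger.csv", "dst": "S:/Shared/Finance/ledger.csv.locked"}
{"ts": 308, "proc": "enc_tool.exe", "op": "create", "path": "S:/Shared/Finance/README_DECRYPT.txt"}
{"ts": 900, "proc": "explorer.exe", "op": "rename", "src": "C:/Users/jdoe/Docs/old.txt", "dst": "C:/Users/jdoe/Docs/archive.txt"}
"""


def parse_events(text):
    """Parse JSON-lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _ext(path):
    """Lower-cased final extension of a path ('' if none)."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def rename_bursts(events, window=WINDOW_SECONDS, threshold=RENAME_THRESHOLD):
    """Per process, find the largest sliding-window burst of renames that change
    the file extension. Returns {proc: (burst_size, most_common_new_ext)} for
    processes at or above the threshold. Same-extension renames (normal saves,
    user cleanup) are ignored, which keeps ordinary activity quiet."""
    by_proc = defaultdict(list)
    for e in events:
        if e["op"] == "rename" and _ext(e["src"]) != _ext(e["dst"]):
            by_proc[e["proc"]].append((e["ts"], _ext(e["dst"])))
    alerts = {}
    for proc, items in by_proc.items():
        items.sort()
        start, best = 0, 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            new_ext = Counter(ext for _, ext in items).most_common(1)[0][0]
            alerts[proc] = (best, new_ext)
    return alerts


def ransom_note_drops(events, min_dirs=NOTE_DIR_THRESHOLD):
    """Flag (proc, filename) pairs where a note-like filename was created in at
    least `min_dirs` distinct directories; returns {(proc, filename): dir_count}."""
    dirs = defaultdict(set)
    for e in events:
        if e["op"] == "create":
            directory, _, name = e["path"].rpartition("/")
            if any(k in name.lower() for k in NOTE_KEYWORDS):
                dirs[(e["proc"], name)].add(directory)
    return {k: len(v) for k, v in dirs.items() if len(v) >= min_dirs}


def detect(log_text):
    """Run both rules over a JSON-lines log and return the combined findings."""
    events = parse_events(log_text)
    return {"rename_bursts": rename_bursts(events), "ransom_notes": ransom_note_drops(events)}


if __name__ == "__main__":
    findings = detect(SAMPLE_LOG)
    for proc, (n, ext) in findings["rename_bursts"].items():
        print(f"ALERT rename burst: {proc} changed {n} files to .{ext} within {WINDOW_SECONDS}s")
    for (proc, name), n in findings["ransom_notes"].items():
        print(f"ALERT note drop: {proc} wrote {name} into {n} directories")
```

Running it on the sample log flags only the encrypting process: a burst of six extension-changing renames to `.locked` and the same note file written to three directories, while the editor's temp-file rename and the user's `old.txt` to `archive.txt` cleanup stay silent. In production the thresholds and `NOTE_KEYWORDS` need tuning (a source checkout that drops `README.md` into many folders would trip the note rule as written), and the point of wiring this into real-time monitoring is that the rename burst appears within seconds of encryption starting, early enough to isolate the host before shared drives are touched.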
Pratum experts spend every day fending off the latest ransomware. If you’re ready to assess your company’s risk of attack, reach out to our cybersecurity team.