Headlines are screaming with ransomware attacks and the ever-increasing payout demands. In May, Colonial Pipeline fell under a substantial ransomware attack that shut down production along the East Coast, affecting oil prices worldwide. Colonial Pipeline disclosed that it paid out $4.4 million in Bitcoin to restore files because it could not recover quickly enough otherwise.
Ransomware’s Terrifying Truths
Ransomware is terrifying because a single attack can cripple a business without adequate controls in place. Failing to be prepared results in consequences ranging from service outages to loss of critical files and even a complete shutdown. If no backups are available, the worst circumstance isn’t having to pay out enormous sums in ransom but trusting cybercriminals to return all the data. Ironically, it leaves a victimized business depending on the honesty of thieves. There are several equally terrifying truths about ransomware, but there’s also good news: organizations can do something about it.
Attacks Are On The Rise
According to SonicWall, ransomware attacks rose 158% in North America and 62% worldwide between 2019 and 2020. Experts estimate that a ransomware attack occurs every 11 seconds. Even the first half of 2021 saw a 93% increase in ransomware attacks from the same period in 2020. This dramatic increase makes ransomware a severe threat to all organizations, so preparation and defense are crucial. Companies need to stop worrying about whether they will be attacked and plan for when an attack occurs.
Ransoms are Huge
Part of what drives the ransomware movement is the profitability of the attack and its relatively low risk. The average ransom is approximately $170k, with some organizations paying over $1M in ransom. For a low-effort attack, this is a hefty amount for cybercriminals to reap from a single incident. Without much difficulty, that attack is repeatable multiple times a year, increasing the prize.
Data Thieves Aren’t Honest
Even paying the ransom does not guarantee you will get your data back. While 32% of the victims end up paying the ransom, they still only recover 65% of their data on average. Even after making a payment, the odds of getting the data back are far from guaranteed. Additionally, attackers can make more than one demand, a practice known as double extortion or even triple extortion. For example, they can decrypt data for a price, charge an additional ransom for not releasing it to the public, and then turn around and threaten any partnering companies they find within that data.
Ransomware is a Business
Some attackers are adopting a Ransomware as a Service (RaaS) model, leasing ransomware variants, or RaaS kits, to other malicious actors. Much like software subscription businesses, these kits are marketed and often come complete with 24/7 support. This enables the authors of the code to scale their business, and enables other attackers to launch ransomware without the overhead of developing and supporting their own variants.
Unfortunately, more malicious actors are adopting these modern business models, making ransomware attacks easy and cost-effective to execute, with plenty of ROI to go around.
Ransom Isn’t the Only Cost
The ransom price is far from the only cost; the average total cost to recover from ransomware is $1.85 million. The recovery cost includes loss of productivity, remediation plans, and privacy-related penalties. In fact, the average downtime for organizations hit with ransomware is 21 days, with up to $8,500 per hour in productivity loss. That doesn’t begin to address fines. So even after paying the ransom, additional costs continue to accrue as an organization recovers and works to prevent a repeat attack.
An Ounce of Prevention and A Good Defense
As terrifying as these numbers look, they don’t mean organizations are powerless victims waiting to be picked off by cyber predators. Preventive measures and proactive preparation are the best defense against the rising tide of cybercriminals. Taking some simple steps can drastically reduce the risk posed by ransomware.
Protect the Endpoint
One of the easiest ways to protect your environment is to ensure that an up-to-date endpoint solution such as an antivirus (AV) exists on every organizational asset. This isn’t a perfect solution nor a cure-all, but this first line of defense is vital. Different endpoint solutions deliver varying types of protection. Still, by working in conjunction with other lines of defense, they prevent many attacks that target the path of least resistance.
Active Threat Intel
The next phase of protection is active threat detection. This is essential for catching early signs of an attack, allowing organizations to take quick and decisive action before cybercriminals get a foothold. By identifying behavioral signs that indicate attackers or malware infections, intel products flag risky behaviors and intervene earlier, disrupting the attack chain. Advanced behavioral intel products can take proactive steps to cut off access and isolate the assets, narrowing the damage scope. This prevents ransomware infections from spreading like wildfire throughout your organization.
Fallback to Backups
Backups are the last line of defense because no matter how good the protection/prevention is, there is always a chance attackers will get through your defenses. Having reliable and tested backups helps take power back out of the criminals’ hands. A robust backup schedule equips an organization with a primary recovery tool, depowering the criminals by negating the need to pay the ransom. Backups should leverage the cloud and store multiple instances of backups over weeks or months, creating multiple restoration points. So if malware has been embedded in the systems, unnoticed over time, the restoration can roll back to before the initial infection took place.
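The roll-back reasoning above, as an added example that is not part of the original article: with several restore points on hand, recovery picks the newest backup that has passed a test restore and predates the initial infection, and fails loudly when retention is too short to reach back that far. `RestorePoint`, `pick_restore_point`, `safety_margin` and the sample dates are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class RestorePoint:
    taken_at: datetime
    verified: bool  # True only if a test restore of this backup succeeded


def pick_restore_point(catalog, earliest_compromise,
                       safety_margin=timedelta(hours=24)):
    """Return the newest verified restore point taken before the intrusion.

    safety_margin (an assumption of this example) moves the cut-off earlier,
    because the first indicator responders find is often later than the
    true initial infection.
    """
    cutoff = earliest_compromise - safety_margin
    clean = [rp for rp in catalog if rp.verified and rp.taken_at < cutoff]
    if not clean:
        raise LookupError(
            "no verified restore point predates the infection; "
            "the retention window is shorter than the attacker's dwell time")
    return max(clean, key=lambda rp: rp.taken_at)


def data_loss_window(catalog, earliest_compromise, now, **kwargs):
    """Amount of work lost by rolling back to the chosen restore point."""
    chosen = pick_restore_point(catalog, earliest_compromise, **kwargs)
    return now - chosen.taken_at


def sample_catalog():
    """Constructed sample: eight weekly backups, one of which failed its test restore."""
    now = datetime(2021, 9, 30, 2, 0)
    catalog = [RestorePoint(now - timedelta(weeks=w), verified=(w != 3))
               for w in range(8)]
    return now, catalog


if __name__ == "__main__":
    now, catalog = sample_catalog()
    compromise = datetime(2021, 9, 10, 14, 0)  # constructed first indicator
    print("restore to:", pick_restore_point(catalog, compromise).taken_at)
    print("work lost: ", data_loss_window(catalog, compromise, now))
    try:
        pick_restore_point(catalog[:3], compromise)  # only 3 weeks retained
    except LookupError as exc:
        print("short retention:", exc)
```

In the sample, the three newest backups postdate the infection and the fourth failed its test restore, so recovery falls back to the backup from four weeks earlier.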
Help From an Ally
Digital Defense’s Frontline ATS picks up where your endpoint protection falls short. Using an easy-to-deploy solution, it quickly scans for active threat activity and indications of compromise. Uncover holes in your protection, such as assets with no endpoint defense or with out-of-date patches. Frontline will identify all varieties of malware and deliver on-demand reporting with advanced filtering to empower your organization to take control of its ransomware defense.