Ransomware Attacks Leave Businesses Around the World Reeling — How Prepared is Your Business?
Ransomware attacks are getting more sophisticated and effective. Hackers are progressively creating more aggressive malware that locks everyone out of organizations’ data or systems unless they agree to pay a ransom.
The ransom may be a decryption fee to recover business data and systems, or continuing financial demands to keep the hackers from releasing business data on the dark web.
A vicious cycle is fueling ransomware, and it’s quickly becoming one of the world’s worst cyber crimes. When companies pay off ransomware gangs, the criminals reinvest the profits into making bolder and bigger attacks, and there is no end in sight.
Businesses have no option but to reevaluate their cybersecurity procedures, policies, and defenses.
The Changing Face of Ransomware Attacks
Emails have historically been the undisputed champions of ransomware attacks. Attackers would target an organization’s system through phishing emails.
The hacker would send a malicious email designed to get an unsuspecting employee to click a link. Once the employee clicked the link, the malware would encrypt the business’s server, infect data, and lock everyone out of the organization’s systems. The hacker would then ask for a ransom, mostly in cryptocurrency.
Today, email is still the number one delivery method for ransomware attacks. However, the attackers are shifting from a few hobbyist hackers having fun to thriving gangs of cybercriminals turning ransomware attacks into a massive business.
According to IBM, the average cost of data breaches has risen to $4.24 million, the highest in the past 17 years. Ransomware is booming like a business model, with criminals selling their expertise to the highest bidder, and the cost of attacks is rising with it.
The Dark Side of Tracing Ransomware Attackers
Ransoms are paid via cryptocurrency, which makes it difficult to trace and catch cybercriminals. Payment by cryptocurrency is easy, quick, and often anonymous, which makes it well suited to hackers who want to hide their ransom.
Creating a crypto wallet doesn’t require any ID — a factor that makes crypto payments anonymous and ideal for conducting cybercrimes.
What’s more, ransomware operators use the Tor browser, which makes it difficult for law enforcement authorities to locate ransom websites on the dark web. For that reason, it’s nearly impossible to shut down the control sites.
The Tor browser also makes it hard to crawl the sites and collect the ransom wallet addresses. Even if the authorities start tracing a wallet, cybercriminals use a bitcoin mixer to make it even harder to trace the payment.
Tracing ransom payment isn’t impossible — it’s just complex.
Paying ransom should be an organization’s last option. A recent survey found that 80% of businesses that initially paid ransom are exposed to a second attack. Nearly half of the repeated ransomware attacks are from the same attackers who executed the first attack.
NTSC sees ransomware as more than just an IT problem and says it can drive an organization out of business when the response is ineffective. Too often, ransomware attacks on small and medium-sized businesses leave them with no access to their data, backups, and the critical systems that facilitate daily operations.
How Can a Company Tackle a Ransomware Attack
Since every business is at risk of ransomware attacks, your initial step should be to draft a written response plan in case of a successful ransomware attack. A written plan helps an organization avoid rash decisions and have an organized, calm response.
The plan should explain your company’s actions and name a well-represented team to manage the incident. The team should inform several parties about the incident, including:
- Senior management
- IT team
- Legal team
- Insurance carrier
Your legal team will ensure that the ransomware investigation is protected. The insurance carrier, meanwhile, will determine whether coverage applies under the existing cyber insurance policy.
Involving your insurer from the beginning is critical because the insurance company is the one that will approve the offer to pay ransom to the hacker. However, the senior management or the board are the ones to decide whether your business will pay the ransom or not.
Your IT team can isolate the infected system, network segments, and other IT resources. Then, they should force a password reset across the company’s privileged and unprivileged accounts, users, and other systems.
You can leverage external help, such as a team specializing in ransomware response, a specialized legal team, and a forensic system.
You shouldn’t unplug the affected system because you can lose forensic data when the power goes off. However, to prevent a larger risk, you can isolate the system from the network.
Factors Companies Consider When Deciding Whether to Pay a Ransom
While the Office of Foreign Assets Control advises against paying ransoms, some ransomware cases can result in severe consequences, requiring organizations to keep an open mind.
Organizations have the responsibility to evaluate the seriousness of the situation and arrange for funds to cover the ransom amount while at the same time protecting every party involved.
At the time of the emergency, the company can evaluate:
- How sensitive the data in the cybercriminal’s hands is
- Whether a backup of the exfiltrated data is available
- Whether the decryption keys will actually decrypt the data
- Whether the ransom demand surpasses the cost of refusing to pay
- Whether the attacker is a US-sanctioned entity
Evaluation of a specific situation will help your company to decide whether to pay the ransom or not. Regardless of your decision, you’ll file an online report about the ransomware attack with the FBI.
While companies should balance the cost of remediation against paying ransoms to reclaim their data, the consequences of sending fees to a US-sanctioned attacker are severe. The US Treasury Department suggests that paying ransom to a US-sanctioned country, criminal, or other named groups or individuals violates laws against funding terrorists.
How Companies Can Reduce the Risk of a Ransomware Attack
While there isn’t a perfect solution that an organization can rely on during a ransomware attack, a few steps can reduce attack risk. Some measures can reduce the extent of damage in the event of an unfortunate incident.
The measures an organization can take include:
- Reviewing your cyber insurance policy to ensure that it covers ransom
- Drafting a ransomware attack response plan that defines who’s responsible for what action in the event of a ransomware attack to resolve issues fast
- Maintaining a separate business communication channel so that management stays in touch even when an attack disrupts everything
- Enabling multi-factor authentication on all company accounts to filter out spam
- Training employees in cybersecurity so that they can identify and avert phishing emails
- Identifying high-risk employees — those with administrative rights — and keeping them on high alert to avert an attack
- Regular backup and testing of backup systems
- Separating backup from other systems that an organization uses
- Evaluating cybersecurity programs and protocols that key vendors are following
LAN InfoTech Will Help You Protect Your Business From Ransomware
Our cyber experts will step in and handle all the cybersecurity tasks for your company. We’ll help you put systems and procedures in place to keep you prepared for ransomware attacks. Contact us today to talk to an IT and Cybersecurity expert about your business’s security needs.
LAN Infotech is a Microsoft Cloud Services Provider, an IT managed support company, a top technology management company, and a leader in helping law firms, nonprofits and medical organizations deploy cloud solutions, manage computer networks, and keep data protected. Businesses like yours need technology support to run highly effective organizations.