Ransomware: Cybersecurity’s Biggest Threat Yet

Ransomware is likely today’s biggest threat to cybersecurity, and it’s only getting more dangerous. Do you know how to defend against it?

You’ve probably heard a lot about ransomware and other cybercrime threats. It’s easy to hype up the doom and gloom about cybercrime — fear is often a great motivator.

But at a certain point, it has probably turned into background noise, right? You hear so much about types of threats that you get numb to it.

Don’t get lulled into a false sense of security…

Ransomware Has Never Been More Common Or More Dangerous

Cybersecurity industry leaders Datto recently released their Global State of the Channel Ransomware Report, developed from statistics reported by over 1,400 survey respondents. Managed service providers, channel partners, and Datto clients help to paint a frightening picture of the rate at which ransomware is being used against unsuspecting businesses.

We won’t sugar coat it — ransomware hit new heights in recent years, affecting a majority of businesses that have encountered any kind of cybercrime threat:

  • 85% of MSPs report ransomware as the most common malware threat to SMBs.
  • In the first half of 2019 alone, 56% of MSPs report attacks against clients. 15% of MSPs report multiple ransomware attacks in a single day.
  • An average of 1 in 5 businesses report being a victim of a ransomware attack.

A Brief History Of Ransomware

In 1989, ransomware claimed its first victims when a Harvard-educated biologist and AIDS researcher, Joseph Popp, distributed 20,000 floppy disks loaded with ransomware to AIDS researchers across 90 countries.

He claimed that the disks had a program that could analyze an individual’s risk of acquiring AIDS via a questionnaire. The recipients were unaware of a malware program on the disks that activated itself and locked the computer once it had been powered on for the 90th time after the malware entered the system.

Once active, the malware displayed a message first demanding $189, and later another $378, for a software lease from a company called PC Cyborg. This attack became notoriously known as the AIDS Trojan or the PC Cyborg virus. That year, a new and formidable cybersecurity threat was born.

Ransomware’s next era, however, began nearly 20 years later when ‘Police Locker’ attacks hit the business world. These attacks used malware that changed a user’s desktop screen to depict a false note from a law enforcement agency, such as the police or the FBI. Interestingly, the attacks did not use encryption and could have been resolved simply by rebooting the computer, but it was the fear tactic that compelled several victims to pay hundreds of dollars in ransom.

Modern-day ransomware developers have come a long way since then. While early ransomware developers wrote the encryption code on their own, today’s attackers use existing libraries, which are harder to tackle, and distribute their malware via methods that include spear phishing.

Some of the most advanced cybercriminals are making a fortune out of selling ransomware-as-a-service, which has allowed attackers with fewer technical skills to carry out massive attacks. CryptoLocker, CryptoWall, Locky, and TeslaCrypt are just some of the ransomware families that have emerged out of this new industry.

The introduction and use of cryptocurrency within the ransomware industry have also made transactions more difficult to trace than conventional ones. For example, the hackers that carried out the WannaCry ransomware attacks that wreaked havoc worldwide demanded that the ransom be paid in Bitcoin.

Through their three-decade-long existence, ransomware attacks have only gone from strength to strength. While older threats reemerging is always a possibility, newer ones such as NotPetya and MAZE are constantly looking to take advantage of lapses in the cybersecurity defenses of companies worldwide.

How Does Ransomware Work?

According to Datto’s report, MSPs rank phishing emails as the leading cause of successful attacks. However, in total, there are 5 primary ways that hackers trick targets into downloading ransomware:

  • Phishing: Phishing is a hacking technique that “fishes” for victims by sending them deceptive emails. Phishing attacks are often mass emails that include ransomware as an attachment.
  • Malvertising: Hackers have found vulnerabilities in many popular, modern browsers like Google Chrome and Mozilla Firefox. They spam users with official-looking pop-ups informing them of an “infection” or “security alert” prompting them to download a file or click a link. That’s where the ransomware comes into play. As with so many of these methods, it just comes down to getting the user to interact with malware in some way without knowing it.
  • Remote Desktop Protocol: RDP is a known infiltration point for cybercriminals, especially for unpatched systems.
  • 3rd-Party Remote: Many cybercriminals are attacking third-party remote-control tools as they know that once they can gain access to a remote control tool, they will have access to several machines that can be infected.
  • Out Of Date Hardware: Many of the most common malware and viruses used by cybercriminals today are based on exploiting programming flaws; to address this, developers regularly release software patches and updates to fix those flaws and protect the users.

What Is The Real Cost of Ransomware?

There are a number of key costs that will come with a ransomware attack, including…

Ransom

This is the most obvious cost, and it just keeps going up. According to cybersecurity company Coveware, what was an average ransom of $6,733 in 2018 has increased to $12,672 in 2019.

According to Datto, the average ransom requested by hackers is increasing. MSPs report the average requested ransom for SMBs is ~$5,900, up 37%, year-over-year.

Downtime

As Kaspersky notes, 34% of businesses hit by ransomware take up to a week to regain access to data. In that week, you’re still incurring costs associated with downtime while you and your staff can’t access your data.

That’s a time in which you can’t get work done, can’t serve your clients, can’t gain new business, and still pay your employee wages and ongoing costs to keep the lights on.

Put simply? Lots of expenses with no revenue.

Downtime costs are up by 200% year-over-year, and the cost of downtime is 23X greater than the average ransom requested in 2019.

Remediation

Lastly, there’s the cost of damage control. Do you have to hire an IT company to help you out? Do you have to hire a forensic cybersecurity crew to determine how you were attacked? Do you have to pay fines for breaching HIPAA or FINRA regulations? These all get added to the bill for getting hit by ransomware.

According to Beazley Breach Response’s 2019 noncompliance report:

  • The average ransomware payout is $116,000
  • The highest ransom demanded by cybercriminals was $8.5 million
  • The highest ransom paid by a target organization was $935,000

How could it possibly cost so much? Just think for a second what it would be like if you couldn’t access your data. Technology is such a crucial part of business today, that without it, you can’t do much of anything.

What Would Happen If You Were Infected With Ransomware Right Now?

  • Do you have a plan?
  • Are your system endpoints protected?
  • Are your backups recent, tested, and viable?

It’s easy to assume that just because you haven’t been hit by ransomware yet, you won’t be anytime soon. You may think you can put off investing in an effective business continuity plan, but without warning, you may get hit.

Don’t assume you’re safe. Take the time to make sure you are, or you may end up having to pay a ransom.

How Can You Defend Against Ransomware?

The best way to defend against ransomware is to work with an IT company (like Lan Infotech) whose team can implement a range of cybersecurity protections that will keep your data protected and your business in operation, no matter what happens:

Access Controls

Access controls should be configured so that shared permissions for directories, files and networks are restricted. The default settings should be “read-only” access to essential files, with limited permissions for write access to critical files and directories. Furthermore, only those needing local admin rights are to be provided with that access.
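
One way to check a file share against this read-only-by-default rule, as an added example that is not part of the original article. It assumes a POSIX file server where permissions are expressed as mode bits; the function names and the `allowed_group_write` parameter are hypothetical.

```python
import os
import stat


def is_allowed(rel_path, allowed):
    """True if rel_path is an approved writable location or lies inside one."""
    return any(rel_path == a or rel_path.startswith(a + os.sep) for a in allowed)


def audit_share(root, allowed_group_write=()):
    """Return sorted (relative_path, octal_mode, reason) tuples for entries under
    root whose write access is broader than the read-only default.

    World-writable entries are always reported. Group-writable entries are
    reported unless they sit under a path listed in allowed_group_write.
    """
    allowed = {os.path.normpath(p) for p in allowed_group_write}
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits do not control access
            rel = os.path.relpath(full, root)
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:
                findings.append((rel, oct(mode), "world-writable"))
            elif mode & stat.S_IWGRP and not is_allowed(rel, allowed):
                findings.append((rel, oct(mode), "group-writable"))
    return sorted(findings)


if __name__ == "__main__":
    # Hypothetical share path and approved writable folder; adjust to your layout.
    for rel, mode, reason in audit_share("/srv/share", allowed_group_write=["team-drafts"]):
        print(f"{reason:15} {mode:7} {rel}")
```

An empty result means every writable location on the share is one that was deliberately approved.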

Firewall

Your firewall is your first line of defense for keeping your information safe. A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users or suspicious connections from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.

Network Monitoring

Your IT company should be keeping an eye on your systems around the clock, identifying any suspicious activity and addressing it immediately to prevent any negative effects.

Data Backup

If you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that.

That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.

Be sure to:

  • Back up data on a regular basis, both on and offsite.
  • Inspect your backups manually to verify that they maintain their integrity.
  • Secure your backups and keep them independent from the networks and computers they are backing up.
  • Separate your network from the backup storage, so the encryption process is unable to “hop” networks to the backup storage device. This keeps your backup data from being encrypted.

What’s The Best Way To Protect Yourself Against Ransomware?

When you’re not sure if you have the skills or knowledge to get the job done, what can you do? Consult with cybersecurity professionals like those on the Lan Infotech team.

We’ll manage your cybersecurity, as simple as that. Instead of needing an employee or internal team to keep your tech and data secure, you let someone else with the skills and knowledge do it for you:

  • We’ll perform regular vulnerability testing as per industry standards to ensure you aren’t dealing with overlooked cybersecurity weaknesses.
  • We’ll help you plan and achieve a secure environment to work in.
  • We’ll provide ongoing service and support for any security-related concerns you may have.

Get in touch with our team to get started.