Ransomware used to be looked at as one of the many dangerous types of malware attacks that companies needed to protect themselves from. But lately, it has grabbed the spotlight, and it seems you hear about a new ransomware attack every few weeks.
Within the last year, the cost to remediate ransomware has more than doubled from $761,106 in 2020 to $1.85 million so far in 2021. The number of attacks is also skyrocketing, rising 158% in North America between 2019 and 2020.
Two recent attacks that happened in May had widespread consequences. There was the Colonial Pipeline attack that shut down a major supply of fuel to the East Coast for six days. This caused gas shortages across several states and the cost of a gallon of gas to rise nationwide.
On the heels of that attack was another ransomware hit, on JBS, the world’s largest supplier of beef and pork. It owns brands such as Pilgrim’s Pride and Swift, among others. Its operations in several countries, including the U.S., were down for several days, impacting the price of meat until things could get back online.
Ransomware has become one of the biggest threats to company cybersecurity and wellbeing. Just one attack can instantly take down an entire company and stop operations as it encrypts data across the entire network.
Why has ransomware risen so fast? We’ll go through several of the factors fueling its growth.
Factors Fueling the Growth of Ransomware
A Majority of Victims Pay the Ransom
Ransomware has become one of the most lucrative types of attacks for hackers. Instead of having to sell data stolen during a spyware attack and wait for a payout, attackers do less work with ransomware and get a fairly quick payout if the victim pays the ransom.
Because of how desperate companies are when ransomware brings their operations to a standstill, and how unprepared many are for recovery, most give attackers what they want.
Approximately 56% of ransomware victims pay the ransom to the attacker.
Both Colonial Pipeline ($4.4 million) and JBS ($11 million) paid their attackers' ransom demands.
When victims pay the ransom, it reinforces to cybercriminals that this is a good way to make money. Attacks increase and so do ransom demands.
Ransomware Has Become a Service
Because of the ability to make large sums of money with ransomware, large criminal organizations and state-sponsored hacking groups have elevated it into a service model. Inexperienced criminals are now able to buy Ransomware as a Service (RaaS) and get a pre-built attack unleashed with no hacking skills needed.
This exponentially increases the number of attacks because now anyone can conduct one.
Many Companies are Unprepared for an Attack
Just having a backup isn’t always enough to protect you from a ransomware attack. Companies often back up data, but never test the recovery mechanism. So, they end up paying the ransom because either something went wrong with the backup, or they are unsure how long recovery will take.
An important component of a good cybersecurity plan is incident response planning. This involves creating an incident response plan and then running drills on that plan, so when a real attack happens, you’ll be ready.
Companies are Lacking Basic Cybersecurity Best Practices
It’s often a simple mistake that enables a major ransomware attack. For example, in the case of Colonial Pipeline, an unused VPN account that wasn’t protected with multi-factor authentication (MFA) was the entry point the hackers used to launch the attack.
According to a recent security threat report by Sophos, “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks.”
Companies need to adopt basic IT security best practices to protect themselves against ransomware as well as other threats. These include things like:
- Enabling MFA on all cloud accounts
- Using endpoint access monitoring
- Ensuring all devices used for business have adequate antivirus/anti-malware
- Using a strong network firewall
- Keeping all devices updated and patched
- Conducting ongoing user training on phishing and data security
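The Colonial Pipeline entry point described above (an unused account with no MFA) is the kind of gap a routine account audit catches. The following is an added example, not code from the original article: it flags enabled accounts that lack MFA, are dormant, or both. The inventory format, field names and 90-day threshold are assumptions, and the sample records are constructed.

```python
from datetime import date, timedelta

# Constructed sample inventory (not real data). Field names are assumptions;
# map them from whatever your VPN or identity provider actually exports.
ACCOUNTS = [
    {"user": "alice", "service": "vpn", "enabled": True, "mfa": True, "last_login": "2021-06-01"},
    {"user": "old-contractor", "service": "vpn", "enabled": True, "mfa": False, "last_login": "2020-09-14"},
    {"user": "bob", "service": "mail", "enabled": True, "mfa": False, "last_login": "2021-06-10"},
    {"user": "svc-backup", "service": "vpn", "enabled": True, "mfa": False, "last_login": None},
    {"user": "carol", "service": "vpn", "enabled": False, "mfa": False, "last_login": "2019-01-02"},
]


def audit_accounts(accounts, today, stale_after_days=90):
    """Return (user, service, findings) for every enabled account with a gap."""
    cutoff = today - timedelta(days=stale_after_days)
    report = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # disabled accounts cannot be used to log in
        findings = []
        if not acct["mfa"]:
            findings.append("no-mfa")
        last = acct["last_login"]
        # An account that has never logged in counts as dormant too.
        if last is None or date.fromisoformat(last) < cutoff:
            findings.append("dormant")
        if findings:
            report.append((acct["user"], acct["service"], findings))
    # Accounts with both gaps (dormant and no MFA) sort first: fix those first.
    report.sort(key=lambda r: (-len(r[2]), r[0]))
    return report


if __name__ == "__main__":
    for user, service, findings in audit_accounts(ACCOUNTS, date(2021, 6, 15)):
        print(f"{user:15} {service:5} {', '.join(findings)}")
```

Accounts reported with both findings are candidates for disabling outright; accounts with only "no-mfa" need MFA enrollment.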
Ransomware Will Continue to Get Worse
As long as companies continue paying the ransom to attackers, and attackers continue cashing in on attacks, ransomware will continue to grow. The only thing that will help stop it is the adoption of good basic IT security policies by companies that allow them to mitigate the risk of an attack, and if attacked, to recover without paying the ransom.
As soon as ransomware stops being such a big moneymaker, hackers will move on and there will be one less devastating crisis event to worry about.