Ransomware grabbed the headlines in 2021, highlighted by the Colonial Pipeline hack and dozens of other attacks.
Data on ransomware infections vary, with multiple estimates suggesting the majority of organizations around the world have been affected. Even more conservative figures indicate a widespread security problem. A recently released survey conducted by IDC found that nearly a third (31%) of organizations worldwide have been affected by ransomware in the past 12 months. (IDC found a much lower rate among US-based companies.)
Such data points also tend to indicate that ransomware attacks are on the increase. According to research group Statista, the percentage of organizations around the world that have been affected by ransomware has increased steadily each year from 2018 to 2021.
By all accounts, ransomware is a real problem – and potentially costly. And the reason it exists is basically simple. “Ransomware is in the news a lot these days,” says Gordon Haff, technology evangelist at Red Hat. “But at the end of the day, it’s just another way to monetize attacks on computer systems.”
5 facts about ransomware
This is the first basic truth that any IT or business manager should know about ransomware: Attackers use a variety of techniques to infect and encrypt an organization’s systems and data. The name tells you what comes next: They hold these systems and data for ransom, demanding payment in exchange for restoring access.
Ransomware is disruptive. The attack on the Colonial Pipeline illustrates this point well. It’s also lucrative for attackers and costly for victims – Colonial initially paid its attackers around $5 million, according to several news reports; some of that money was later recovered by law enforcement authorities.
Let’s expand on this point and several other ransomware facts that IT managers and business leaders need to understand, especially in the context of a growing problem.
1. Ransomware is so popular because it works
Ransomware wouldn’t exist if it were ineffective.
In fact, ransomware works very well. The truly revealing statistic from the IDC survey has nothing to do with infection rates but with the payment rate: 87% of businesses that have suffered ransomware in the past 12 months have paid the ransom, according to the research firm.
The average ransom payment was around $250,000 among this survey sample, although IDC notes that this number was pushed up by a few large payments of over $1 million.
The financial impacts are most staggering when viewed in aggregate: Cybersecurity Ventures has previously predicted global damage from ransomware to reach $20 billion in 2021, up from $325 million in 2015.
IDC has also found that it is not uncommon for organizations that have been breached to be attacked – with systems and/or data held for ransom – multiple times. (This suggests that cybercriminals will gladly hit the same target over and over again until it no longer pays.)
Haff and other experts point out that cryptocurrencies have enabled attackers to collect payments more efficiently – an overlapping trend that has made ransomware more effective.
“Ransomware has become more popular since 2010, when businesses and individuals started using Bitcoin and other new cryptocurrencies,” says Amit Bareket, CEO and co-founder of Perimeter 81. “With these cryptocurrencies, it is much easier for hackers to collect money from their targets.”
2. Ransomware can affect any organization
These kinds of numbers unfortunately mean that ransomware has become big business. This reveals another truth: you can’t dismiss ransomware as an over-publicized threat. It can affect virtually any organization, regardless of its size or industry. And beyond the actual ransom, there is the collateral damage to consider, including reputation and trust. This is not how you want to make the news.
“Ransomware is one of the fastest growing cybersecurity threats,” says Bareket. “We have seen many new industries targeted by ransomware throughout the pandemic, including healthcare, real estate and law. Government and critical infrastructure are also still relevant targets.”
Don’t make the mistake of thinking that you are too small or too large to be a victim. You also shouldn’t be overconfident in your security posture: as with other threats, this is a changing landscape that requires continuous review and adjustment.
“Ransomware attacks are on the rise,” says Asher de Metz, senior manager of security consulting at Sungard AS. “It’s no longer about whether you will be targeted by a hacker, but when you will be hit.”
3. You are only as strong as your weakest link
Let’s move on to the facts about attack tactics and prevention. With the former, many methods should look familiar to you.
“Ransomware attacks all the usual weak spots in an IT infrastructure, including poor or untested backup procedures, unpatched software – including those related to lack of scanning of containers and other parts of the software supply chain – and user errors,” says Haff.
As with many other forms of malware and other security threats, attackers often search for weak spots in your organization, such as a legacy VPN that has no multi-factor authentication (MFA) configured.
This is a common pattern in IT security: attackers gain access through a single point of entry and wreak havoc from there. Basic security hygiene is anything but basic – it is an essential foundation for risk management.
“Depending on your network configuration and patching, it only takes one instance of ransomware to potentially impact other machines on your network,” says Brian Wilson, CISO at SAS. “Applying operating system and third-party patches or documented workarounds in a timely manner can help prevent the spread of malicious payloads on your network.”
This is an underlying issue with security holes. Many organizations don’t know they exist until they are exploited.
“Organizations should perform a security vulnerability analysis to see where they are most vulnerable to an attack,” says de Metz. “Communicating with leaders from other areas of the business can show just how vulnerable the organization really is and can really help implement the necessary security strategies and planning.”
4. Ransomware attacks often start with phishing
Phishing scams don’t get quite the same attention as ransomware. “Ransomware” looks bigger and scarier; phishing has been around for so long that it seems boring in comparison.
There is an important connection between the two. As Haff points out, user error is one of the main causes of infection. Therefore, phishing is often the initial point of entry for a possible ransomware infection. Security professionals generally agree that email and other fraudulent-link vectors are among the proven tools for delivering ransomware.
“Many ransomware attacks are generated by phishing attacks, which occur when employees open unknown or deceptive emails and click on malicious links,” Bareket explains.
Back to this point about basic security hygiene: Phishing is as “basic” as it gets, but it’s more prevalent than ever. Make sure you don’t sleep on this major vector.
“Email is the most common vehicle for compromise, when an employee unwittingly clicks on a malicious attachment or download link,” Wilson explains. “Additional technology is needed to perform attachment sandboxing and URL rewriting, both to block known malicious sites and to track who clicked what.”
Now, let’s explore four essential strategies for minimizing your risk: