What is Ransomware and How to Protect Against it

Ransomware is one of the most dangerous threats to businesses in the current day. Simply put, ransomware is malware that allows hackers access to important files and data; the hackers then block access to the data unless a ransom is paid. These attacks pose a threat to a business’s finances, operations, valuable assets, and even their reputation.  

Ransomware is extremely commonplace nowadays and is quickly becoming one of the greatest cybersecurity concerns for all types of organisations. During the COVID-19 lockdown, businesses saw a drastic increase in ransomware attacks. Because most businesses now rely on working from home, attackers can find their way into a business’s network through unsecure home computers. Ransomware coding also keeps getting better and better, with some forms being able to send important information back to the hacker, who can then threaten to leak the information. 

The Cost of Ransomware 

Ransomware has many effects on a business that people may not be aware of. After all, the ransom payment itself is usually just the tip of the iceberg when it comes to ransomware’s true cost. Below are some examples of what a ransomware attack could end up costing an organisation or business: 

Financial Threat 

An ActiveIT study predicts the average global ransom price to be USD $5600. To a small business this can be detrimental, as they may have no choice but to pay up. After all, a small business is much less likely to recover from the lack of access to important data or the potential leaking of intellectual property. On top of this, small businesses who pay up the ransom may find themselves targets of the same hackers over and over again. 

Ransomware attacks are much more costly when targeted at larger organisations. The recent 2021 Unit42 study on ransomware found that large organisations paid an average ransom of USD $312,493 to ransomware attackers in 2020, this figure is close to triple the average ransom in 2019.  

These attacks also cause disruption of a business as they are designed to lock important information behind the ransom paywall. Because of this, the organisations targeted may lose days or even weeks of business. The ActiveIT study mentioned earlier found that businesses lost an average of USD $242,200 due to downtime required following an attack.  

Data Threat 

Besides the risk of financial loss, businesses should be concerned by the recent trend of hackers threatening to release sensitive data. If the ransom is not met, subsequent leaking of company information can be even more detrimental than the initial ransom cost. Even if the ransom is met, a more malicious hacker could not live up to their side of the bargain.  

Hackers may threaten to release business secrets to competitors; or leak customer information as examples. Data leaks can potentially cause damage in reputation, and even lead to lawsuits from the victims of the data leak. 

Protecting Against Ransomware 

Preventative Measures 

• Improving Online Practise 

Ransomware attacks regularly originate from phishing schemes. Being extra cautious of suspicious emails and download links will reduce risk of infection. As a business, it may be worth training employees in good online practise. If employees are more knowledgeable on what phishing attempts look like, the business has a much lower risk of becoming a target of a ransomware attack. 

• Utilising Multifactor Authentication  

Multifactor authentication is a system whereby access to certain data is restricted behind multiple authentication steps. For instance, magnetic stripe cards, security tokens, or biometrics. This means in the case that a password gets into the wrong hands, a potential threat still cannot easily access data.  

• Email Security 

Monitoring activity of emails and downloads of employees may help protect your business from ransomware attacks. Alternatively, having better email security systems that can identify potential phishing attempts or suspicious attachments will help reduce the risk that an unknowing employee falls victim.  

• Improving Anti-Malware or Anti-Ransomware Solutions  

Making use of a reputable security solution can protect against attackers. Antivirus software solutions can help detect and destroy malicious files that may be working to find sensitive data. Many antivirus and security solutions are designed to stop the most common ransomware varieties, blocking suspicious links and files from being opened.  

• Update Software 

Many ransomware attacks happen due to vulnerabilities in software. Good software developers may regularly test and update their software for these vulnerabilities. If possible, try to use software that is regularly updated and keep all software updated to the latest version.  

Recovery Measures 

It is important to have recovery measures in place in the event of a ransomware attack. As a company or organisation, the following things will help you: 

• Regular Data Backups  

In a company setting, it is worth evaluating what data is a potential target for a ransomware threat. Backing up this information regularly can make the recovery process easier. Consider making use of the cloud or offsite storage to keep backups away from ransomware on a network.  

• Isolate the Ransomware 

If ransomware detection is good enough and an attack is detected early, isolating the attack will help stop it spreading. For example, if ransomware is detected on an employee PC, disconnecting the PC from the network and the internet can help stop the infection from finding the data that it wants. 

• Restoring or Wiping a System – In some cases, wiping a system and rebuilding from scratch may be the best solution. When restoring from backups, make sure all instances of ransomware have been accounted for and destroyed. If it comes to wiping a system completely, data backups should help to smooth the rebuilding process. 

Don't let your business become a victim of ransomware

With ransomware quickly becoming the most prolific and dangerous threats to a business, it is important to be aware of how and why ransomware might affect you. If you are concerned about your business’s cybersecurity posture and would like to know how to protect yourself, Securiwiser can help.  

With Securiwiser, you can check your cybersecurity posture and find what you can do to improve it in a clear and concise way. Sign up here for a cybersecurity posture report.