In 2018 it was reported that ransomware was trending down, but so far 2019 is telling a different story. Damage costs from ransomware are expected to hit around $11.5 billion this year and $20 billion by 2021, and ransomware remains a significant cyberthreat for all organizations. In this blog we’ll address some of the most common questions about ransomware and outline some of the best ways to protect your organization from facing the ‘to pay or not to pay’ dilemma.
Ransomware is a type of malicious software that gains access to files or systems and is designed to block access to them until a ransom is paid.
There are two main types of ransomware today: Crypto ransomware, which encrypts valuable files on a computer so that the user cannot access them, and Locker ransomware, which locks users out of their device until a ransom is paid.
Once the ransomware has been installed on a computer, it executes on the local machine and then contacts a third-party server to download other payloads (applications) to activate the malware. It then starts encrypting all the files on your drive. Once encryption is complete, it displays a paywall requesting money (usually in the form of non-traceable bitcoin) to have your files decrypted. If you don’t pay the ransom, the files can be deleted by the hackers.
Ransomware is often spread through phishing emails that contain malicious links or attachments. It can also be spread by the “drive-by download” technique, which occurs when a user unknowingly visits an infected website and malware is downloaded and installed without their knowledge.
2018 statistics told us that ransomware was in decline as the number of organizations being infected fell. However, Q1 2019 saw a 195% increase in ransomware attacks, followed by a further 184% increase in Q2, and many experts believe that attacks will increase in the latter half of 2019.
Recent well-publicized attacks suggest that cybercriminals have set their sights on public sector, local government and healthcare organizations that have less than adequate cybersecurity protection in place and hold strong insurance policies. In 2018 it was reported that half of all reported ransomware incidents involved healthcare organizations, and a report by CSO Online estimates that healthcare malware attacks are likely to quadruple by 2020.
Anti-malware and anti-virus software aren’t enough to protect you from today’s threat landscape, as they focus on known threats. Hackers are increasingly using fileless techniques to download random payloads and signatures to avoid detection. Fileless attacks are on the rise, with 77% of successful attacks using fileless exploits. In fact, as many as 75% of companies that fall victim to ransomware were running up-to-date endpoint protection on the infected machines.
Thanks to the perceived anonymity offered by cryptocurrencies, ransomware operators most commonly demand that ransom payments be made in bitcoin. Less common alternative payment options such as iTunes and Amazon gift cards have also been recorded.
There is much debate around the ‘to pay or not to pay’ approach to dealing with ransomware. The official recommendation from the US government is never to pay the ransom, on the reasoning that if attackers aren’t getting paid, they won’t keep trying. However, guidance from Forrester Research suggests that paying the ransom should be seen as a valid recovery path that should be explored and evaluated just like any other business decision. Organizations must consider their ability to recover from the cyberattack, outside consultant costs, recovery plans, and cybersecurity insurance, which in some cases will cover the ransom. It is important to note that even if you pay, there is no guarantee you will get your data back.
The average ransom demand by hackers to release files encrypted by their ransomware attacks has almost doubled in 2019. Recent research shows that the average ransom demand in Q1 this year was $12,762, compared to $6,733 in Q4 last year.
The best way to protect your organization from ransomware is to prevent the attack from happening in the first place. These days hackers are attacking from all angles, profiling your employees’ behaviour as they browse online and through applications on your company devices, and collecting data from across your networks. BlackFog Privacy prevents the transmission of data from one device or network to another, filling the gap between firewalls designed to prevent access and anti-virus/malware solutions that remove known infections after they have been discovered.
Being a victim of a cyberattack is a question of when, not if. Organizations must be able to prevent both the removal of data by attackers and the activation of the ransomware on the device. Through a layered approach to security, BlackFog spots, in real time, when an attacker is trying to remove data from your device or network without authorization and stops them in their tracks.