Ransomware and Data Breaches
Ransomware has surged in recent years, costing the world $20 billion in 2021, and projected damages from ransomware for 2023 are expected to exceed $30 billion worldwide. Cases of ransomware have been increasing at an alarming rate, making it one of the leading threats to thousands of businesses, organizations, and governments around the world. This trend shows very little sign of slowing down and will only increase in the coming years as access to hacking tools on the internet and dark web becomes easier than ever before.
How does ransomware spread in the first place? The three most common ways ransomware is spread are through ransomware emails, software vulnerabilities and server weakness exploits. Server exploits are most commonly used against smaller businesses because they rarely have adequate protection in place. As businesses increase in size, phishing emails tend to become the most effective method of attack. Ransomware phishing emails will often contain an infected file. Although most people should know not to run an unverified .EXE file, seemingly innocent file types like Microsoft Word and Excel files have become the most used in recent phishing campaigns. Almost half of all recorded data breaches in 2022 began with stolen credentials resulting from successful phishing attacks. It will likely come as no surprise to learn that hackers' and cybercriminals' prime goal in using these credentials is to launch ransomware attacks, which “continue to be the number one threat to large and medium-sized businesses, organizations and governments around the world.”
So what exactly is ransomware, and what actually happens during an attack? There is a wide range of different types of ransomware, and with new ransomware threats constantly appearing it can be hard to keep track of them all. Ransomware is a type of malware that can encrypt all of your data or lock you out of your computer. Once the ransomware has infected your computer, it will typically ask you to pay a ransom (most often in cryptocurrency) in exchange for decrypting your data or unlocking your computer. However, paying the ransom provides no guarantee of recovering data. Reports found that 24% of organizations that paid the ransom were not able to recover data, whereas 52% that paid the ransom were able to recover data. Additionally, 19% of organizations did not pay the ransom because they were able to recover their own data from their backups. Once a ransomware data breach occurs, a company’s live data is at the mercy of hackers, but a company can easily get its data back using backups (if backup software was installed before the attack). (https://pumatelecommunications.com/2016/11/09/backups-in-the-cloud-era/)
How often do ransomware attacks occur? The Colonial Pipeline attack in 2021 largely turned “ransomware attacks” into a household term in the United States and prompted the U.S. Department of Homeland Security to issue its first cybersecurity directive. Ransomware attacks have become so commonplace that it’s no longer a matter of how many cyberattacks happen per day, since that metric is now measured in seconds. A new company was affected by ransomware every 14 seconds in 2019, and in 2022 that rate increased to every 11 seconds worldwide. Most ransomware isn’t spread by an individual; rather, certain malicious groups or state-sponsored groups develop, refine and distribute the ransomware.
Schools, healthcare providers and even government institutions have all become victims of ransomware attacks by cybercriminals. With even crucial public services being shut down, ransomware is now a global threat to organizations and individuals alike. While knowing these cybersecurity and ransomware stats alone won’t save you from a ransomware attack, you’ll certainly be better informed and equipped to protect yourself and your organization from ransomware. We cannot overstate the importance of the security of your business’s data, and the lengths to which you should go to protect it. Data breaches by ransomware are a threat that not only compromises the current functioning of an organization, but also threatens the privacy of current and past employees’ personal information. The cornerstone of all the best ransomware defense strategies is having a reliable and regularly tested backup solution for all devices that store critical business data. A zero-trust approach to cybersecurity is essential for keeping your organization’s data secure; it relies on industry best practices, including multifactor authentication, least privilege, and keeping no more data than is necessary on those devices.
More on ransomware: https://www.cisa.gov/uscert/ncas/alerts/aa22-040a
Ransomware Guide: https://www.cisa.gov/stopransomware/ransomware-guide
Cybersecurity Quick-Start Guide: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1271.pdf