(August 2020) Two recent high-profile ransomware attacks that resulted in multimillion-dollar payouts illustrate a disturbing trend: Ransomware attacks are becoming more frequent, destructive, and expensive.
In two separate July attacks involving wearable technology maker Garmin and corporate travel firm CWT, cybercriminals demanded $10 million ransoms to restore access to encrypted data. Unconfirmed reports say each company agreed to record payouts of at least $4.5 million to obtain decryption keys.
Security industry analysts estimate that ransomware attacks have increased by more than 90 percent in 2020, part of an overall surge in cybercrime as criminals seek to exploit pandemic-related anxiety. In addition, average ransom demands are now more than $110,000 — triple the asking price in 2019 and 55 times larger than just three years ago.
Email remains the most common method for distributing ransomware. Once a recipient opens an infected attachment or clicks on a malicious link, the malware installs itself on the system and begins encrypting files. Payment is usually demanded in the form of Bitcoin or other cryptocurrencies.
There is considerable debate about whether companies should pay the ransom. The FBI has always advised against it, stressing that it doesn’t guarantee criminals will provide the decryption key. Even if access is regained, the integrity of the data cannot be guaranteed. In some cases, viruses and other types of malware planted by hackers are activated months after the original ransomware attack. Additionally, paying the ransom can mark you as a willing payer and make you a target for additional attacks.
Of course, the best solution is a strong defensive posture that limits your vulnerability in the first place. That starts with robust backup practices. Data should be backed up frequently to meet recovery point objectives and keep potential data loss to an acceptable level. Because ransomware can spread across the IT environment and affect backup systems, organizations should ensure that backups are isolated so that they aren’t affected. This can be done with an “air-gapped” environment, cloud backups, or backup data stored physically offline.
Here are other key precautions to consider:
- Scan and filter email for known malware, spam messages, and executable files before they reach users. This will significantly reduce the chances that unsuspecting users will open malicious files.
- Configure firewalls to block access to known malicious IP addresses.
- Train users on how to detect potentially malicious software, and continually remind them they should never click on links or open attachments in unsolicited emails. This is particularly critical now that huge numbers of employees are working from home without the protection of corporate security measures.
- Restrict users’ permissions to install and run software applications and apply the principle of “least privilege” to all systems and services. Privilege restrictions can help limit malware spread through a network.
- Update software and operating systems with the latest patches. Outdated applications and operating systems are the targets of most attacks.
- Develop a containment strategy. In the event of a successful attack, infected computers should be isolated as soon as possible to protect networked and shared resources. All network passwords and online account passwords should also be changed as soon as possible.
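To make the email-filtering precaution concrete, the following added example (not from the original article) shows a gateway-style check that flags executable attachments by content as well as by filename, so a renamed executable or a double extension is still caught. The extension blocklist, the function names, and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for this example; tune it to your own mail policy.
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd",
               ".ps1", ".hta", ".jar", ".lnk", ".iso"}
# Magic bytes identify executables even when the filename lies.
MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}

def inspect_message(raw: bytes) -> list:
    """Return (filename, reason) for every attachment to quarantine."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        # Only the final extension counts, so "scan.pdf.js" is treated as ".js".
        ext = os.path.splitext(name.lower().rstrip(". "))[1]
        kind = next((k for m, k in MAGIC.items() if payload.startswith(m)), None)
        if kind:
            findings.append((name, f"{kind} executable content"))
        elif ext in BLOCKED_EXT:
            findings.append((name, f"blocked extension {ext}"))
    return findings

def build_sample() -> bytes:
    """Constructed message: one benign file and two disguised attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="report.pdf")
    # Executable header hidden behind a .pdf name and MIME type.
    msg.add_attachment(b"MZ\x90\x00 constructed stub", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    # Script file using a double extension.
    msg.add_attachment(b"WScript.Echo(1)", maintype="application",
                       subtype="octet-stream", filename="scan.pdf.js")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in inspect_message(build_sample()):
        print(f"QUARANTINE {name}: {reason}")
```

A production filter would also unpack archives and inspect document macros, which this example leaves out.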
Because ransomware has become so lucrative for cybercriminals, the threat is likely to continue growing over the near term. Although there are many steps organizations can take to limit their exposure, working with an experienced managed service provider such as Mainstream offers significantly enhanced protection. Through our Managed Services and Managed Cybersecurity offerings, we can implement and manage backup and data protection, managed firewall, threat monitoring, vulnerability scanning, penetration testing, content filtering, and other measures to boost your security posture.