How To Prevent Ransomware

To prevent ransomware, companies need to focus on giving their employees actionable security awareness training that educates, empowers, and motivates. For this to happen, employees must understand the facts around ransomware and the profound, long-term impact it can have on the company.

Once a ransomware attack is successfully executed, there are very few options for the affected company apart from paying. The results can still be devastating even after their systems are back online. To effectively prevent ransomware, companies need to create a culture of awareness that gives employees the means to protect themselves and the organization from these cyberattacks.

What Is Ransomware?

Ransomware is a type of malware and cyber crime that holds data for ransom. In this attack, Cyber criminals use malware to lock access to information on computer networks, mobile devices, and servers, forcing victims to pay to free their data.

Threat actors target companies and individuals alike. However, they focus mainly on organizations that heavily rely on their data in their day-to-day operations, such as hospitals, educational institutions, governments, and police departments.

The most common method for launching a ransomware attack is a phishing or spear-phishing email that encourages the recipient to click a link, download an attachment, or visit a website infected with malware.

Once the malware has trapped the data and, in many cases, shut down the company’s entire computer network, criminals demand payment. Typically, the fee is requested in Bitcoin—an almost untraceable cryptocurrency.

Paying the ransom isn’t even the most significant blow for the victim. A complete system shutdown for a few days has dire consequences for most companies regarding operations and supply chains.

A concerning new development in ransomware attacks is the rise of double and triple extortion attack vectors. In this attack, hackers perform a normal ransomware attack capturing sensitive customer data. They then attempt to extort the company. On top of this, they also email affected customers directly and any other organization impacted by the breach. This leads to a dramatic uptick in the average ransomware payment.

Even once employees are back online, IT services may remain slow for weeks and even months until the network is re-secured and scanned for traps left behind by the hackers to repeat the attack later.

Another increasingly troubling trend is attacks that threaten data exfiltration. In the past, companies with proper backups wouldn’t even engage in ransomware attacks. They’d simply reset all their machines to a previous version and go on with their day.

How Much Damage Does Ransomware Cause?

Ransomware attacks have evolved and don’t merely hold data hostage. Cyber criminals threaten to release compromised data in the wild. In this case, victims might be more inclined to pay the hackers to ensure they don’t release clients’ personal information, even if they have a backup.

Ransomware attacks are a growing trend, with a report published by firewall maker SonicWall noting a 105% increase in this type of threat in 2022. The damage caused by ransomware is far-reaching, hurting companies and organizations beyond the cost of paying to release their data.

According to the recent Coveware Q2 Ransomware Marketplace Report, the damage done by ransomware can be divided into two primary costs: recovery costs and downtime costs.

Coveware reports that the downtime costs of ransomware attacks are, on average, 5-10 times the actual ransomware payout. These downtime costs include lost productivity, cancelled contracts, and the loss of industry confidence.

Preventing ransomware must be a priority, as evidenced by these research statistics:

• 24 days is the average number of downtime days
• $228,125 is the average ransomware payment
• 86% of ransomware cases involve a threat of leaking exfiltrated data

Companies and their employees must understand that ransomware does more than force a payment—it, in effect, causes the organization to stop functioning. Consider these examples of real-world ransomware costs:

• On May 27th, 2022, the Conti ransomware hackers demanded $20M from the Costa Rican government to decrypt files.
• Major consulting firm Accenture fell victim to Ransomware on September 3rd, leading to multiple customer data leaks.
• Chip manufacturer Nvidia was the target of the ransomware group Lapsus$, who demanded a million dollars in ransom.

Admittedly, it can be hard to visualize a ransomware attack's short and long-term impacts. To help you start a discussion about ransomware threats with your colleagues, download the Ransomware Kit on the Cyber Security Hub.

How Does Ransomware Happen?

Ransomware typically happens when someone in the organization or company inadvertently clicks a link or attachment that results in these standard ransomware attack methods:

• Downloader: infiltrates a computer and then downloads additional malware to attack the computer or device.
• Malvertisement: fake criminal advertisements are displayed on real websites. When clicked, it sends the victim to a website hosting an exploit kit that uses computer or network weaknesses as the entry point.
• Phishing or Spear Phishing: emails use social engineering tactics to trick victims into downloading and opening infected attachments.
• Self-Propagation: Ransomware that spreads across a computer network, infecting any computers, servers, or devices on the network.
• Traffic Distribution System: redirects website traffic to a website that hosts an exploit kit and installs the ransomware with drive-by-download malware.

Watch the on-demand webcast to learn more about how cyber criminals use human nature to trick us into clicking links and responding to emails without thinking twice.

10 Tips to Prevent ransomware

To prevent ransomware, companies must raise employee awareness and understanding of how ransomware happens. When employees understand the real impact of ransomware, they become invested in keeping their organization (and themselves) alert to cyber attacks.

Prevent ransomware from hurting your company and employees with these 10 keys to cyber security awareness:

1. Focus on your people. Your employees are your first line of defense against ransomware. Use gamification, microlearning, and ransomware simulation tools to engage and empower employees.
2. Educate your employees. Use real-life scenario-based training to teach your employees how and when to open attachments from senders they do not know. Make sure you teach in a fun and diversified way to keep your employees engaged.
3. Develop cyber security heroes. Foster a culture that encourages behavior changes that create internal cyber security heroes motivated to keep your organization safe and secure.
4. Prioritize behavioral change. Create a corporate culture that encourages cyber security awareness, learning, discussion, and openness that helps employees slow down and carefully review emails, attachments, and advertisements.
5. Make security awareness training available. Make it easy for employees to participate in cyber security awareness training. Give employees the training that fits with how and when they learn.
6. Consistent communication. Provide ongoing communication and campaigns about ransomware, cyber security, and the risks in emails, text messages, and attachments.
7. Configure your anti-spam filters for dangerous file types. While cyber criminals can launch some ransomware attacks through something as familiar as a Word file, most of them rely on less common executable file types. Setting your spam filters to flag files such as .exe, .vbs, and .scr can go a long way in preventing ransomware attacks.
8. Use the Show File Extension feature. An increasing number of ransomware attacks disguise the file carrying the malicious code in a file such as Table.xlsx.exe. Turning on Windows' Show File Extension feature completely negates these attacks.
9. Employ the Principle of Least Privilege. Ensuring all your users have only the level of access required to do their job can limit the damage a ransomware attack can do.
10. Monitor your network. Ransomware attacks are dangerous, but you're not completely powerless against them if you catch them early enough. A strong monitoring tool coupled with appropriate network segmentation can allow you to stop an attack in its tracks. For example, you should keep weak access points, such as IoT devices, on a separate segment that can't access your business-critical data.

These might seem like small, inconsequential steps but making these attacks more tedious to achieve and more difficult to propagate is how we'll force hackers to stop relying on them. If every ransomware attack becomes harder to carry out, if more companies resolve them without paying, hackers are bound to stop launching them eventually.

Don't Fall Victim to Ransomware

Ransomware attacks are prevalent for two reasons: they are simple to execute and bring massive financial gains to the attackers. However, the more educated your users are about them, the less effective they will become.

Many of these attacks are carried out via phishing emails or result from poor password hygiene. Secure software architectures like Zero Trust Networks can also ensure that hackers can only gain access to limited portions of your systems that can be recovered or reset.

These attacks are prevented by implementing better user guidelines and staying one step ahead of the current ransomware delivery methods. Additionally, IT professionals must stop treating ransomware as this unbeatable boogeyman. You can utilize numerous strategies and tactics at any stage of this attack—prevention being the best, as always.

Check out our phishing simulation to start educating your users with no strings attached.