To prevent ransomware, companies need to focus on giving their employees actionable security awareness training that educates, empowers, and motivates. For this to happen, employees must understand the facts around ransomware and the profound, long-term impact it can have on the company.
Once a ransomware attack is successfully executed, there are very few options for the affected company apart from paying. The results can still be devastating even after their systems are back online. To effectively prevent ransomware, companies need to create a culture of awareness that gives employees the means to protect themselves and the organization from these cyberattacks.
What is Ransomware?
To prevent ransomware, your users must be able to recognize it and learn how it happens. Ransomware is a type of cybercrime that holds data for ransom. Cybercriminals use malware to lock access to information on computer networks, mobile devices, and servers, forcing victims to pay to free their data.
No one is safe from ransomware attacks. Cybercriminals target companies and individuals alike. However, they focus mainly on organizations that heavily rely on their data in their day-to-day operations, such as hospitals, educational institutions, governments, and police departments.
The most common method for launching a ransomware attack is with a phishing or spear-phishing email that encourages the recipient to click a link, download an attachment, or visit a website that is infected with malware.
Once the malware has trapped the data and, in many cases, shut down the company’s entire computer network, criminals demand payment. Typically, the payment is requested in Bitcoin – a cryptocurrency that is notoriously difficult to track.
Paying the ransom isn’t even the most significant blow for the victim. A complete system shutdown for a few days has dire consequences for most companies’ operations and supply chains.
Even once employees are back online, IT services may remain slow for weeks and even months until the network is re-secured and scanned for the persistence mechanisms the attackers leave behind so they can repeat the attack at a later date.
An increasingly troubling trend is attacks that threaten data exfiltration. In the past, companies that had proper backups wouldn’t even engage with ransomware attackers. They’d simply restore all their machines to a previous version and go on with their day. However, ransomware attacks have evolved and no longer merely hold data hostage. They threaten to release the data in the wild. In that case, you might find yourself paying the attackers to make sure they don’t release your clients’ personal information, even if you have a backup.
Ransomware has become such a considerable threat that the FBI released a special alert in October 2019 to raise awareness.
“Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminate ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information.
Although state and local governments have been particularly visible targets for ransomware attacks, ransomware actors have also targeted health care organizations, industrial companies, and the transportation sector.” (High-Impact Ransomware Attacks Threaten U.S. Businesses and Organizations, October 2, 2019)
How Much Damage Does Ransomware Cause?
Ransomware attacks are a growing trend, with a report published by insurer Beazley Group noting a 130% increase in this type of threat in 2020. The damage caused by ransomware is far-reaching, hurting companies and organizations beyond the cost of paying to release their data.
According to the recent Coveware Q3 Ransomware Marketplace Report, the damage done by ransomware can be divided into two primary costs: recovery costs and downtime costs.
Coveware reports that the downtime costs of ransomware attacks are on average 5-10 times the actual ransomware payout. These downtime costs include lost productivity, cancelled contracts, and the loss of industry confidence.
Preventing ransomware must be a priority, as evidenced by these Coveware research statistics:
- 19 days is the average number of downtime days.
- $233,817 is the average ransomware payment.
- 8% of data is never recovered.
Companies and their employees must understand that ransomware does more than force a payment – it, in effect, causes the organization to stop functioning.
Consider these examples of real-world ransomware costs:
- In 2020, the city of Baltimore lost 18 million dollars in value from an attack that is still crippling their school system to this day.
- Leading foreign exchange company Travelex paid a 2.3 million dollar ransom after attackers took their app offline and locked all their users out of their accounts.
- Danish aluminum producer Norsk Hydro resolved to pay a whopping 85 million dollars after a ransomware attack brought their manufacturing lines to a halt and forced their employees to revert to pen and paper.
Admittedly, it can be hard to visualize the short- and long-term impacts of a ransomware attack. To help you start a discussion about ransomware threats with your colleagues, download the Ransomware Kit on the Cyber Security Hub.
How Does Ransomware Happen?
Ransomware typically happens when someone in the organization or company inadvertently clicks a link or attachment that results in these common ransomware attack methods:
- Downloader: infiltrates a computer and then downloads additional malware to attack the computer or device.
- Malvertisement: fake criminal advertisements are displayed on legitimate websites. When clicked, they send the victim to a website hosting an exploit kit that uses computer or network weaknesses as the entry point.
- Phishing or Spear Phishing: emails use social engineering tactics to trick victims into downloading and opening infected attachments.
- Self-Propagation: ransomware that spreads across a computer network, infecting any computers, servers, or devices on the network.
- Traffic Distribution System: redirects website traffic to a website that hosts an exploit kit and then installs the ransomware with drive-by-download malware.
Watch the on-demand webcast to learn more about how cybercriminals take advantage of human nature to trick us into clicking links and responding to emails without thinking twice.
How to Prevent Ransomware
To prevent ransomware, companies must raise employee awareness and understanding of how ransomware happens. When employees understand the real impact of ransomware, they become invested in keeping their organization (and themselves) alert to cyberattacks.
Prevent ransomware from hurting your company and employees with these eight keys to cyber security awareness:
- Focus on your people.
Your employees are your first line of defense against ransomware. Take advantage of gamification, microlearning, and ransomware simulation tools to engage and empower employees.
- Educate your employees.
Use real-life scenario-based training to teach your employees how and when to open attachments from senders they do not know. Make sure you teach in a fun and diversified way to keep your employees engaged. Gamification, microlearning, simulations, animated videos, and interactive online training are good ways to achieve this.
- Develop cyber security heroes.
Foster a culture that encourages behavior changes that create internal cyber security heroes motivated to keep your organization safe and secure.
- Prioritize behavioral change.
Create a corporate culture that encourages cyber security awareness learning, discussion, and openness that helps employees slow down and carefully review emails, attachments, and advertisements.
- Make security awareness training available.
Make it easy for employees to participate in cyber security awareness training. Give employees the training that fits with how and when they learn.
- Consistent communication.
Provide ongoing communication and campaigns about ransomware, cyber security, and the risks that come in emails, text messages, and attachments.
- Configure your anti-spam filters for dangerous file types.
While cyber criminals can launch some ransomware attacks through something as familiar as a Word file, most of them rely on less common executable file types. Setting your spam filters to flag files such as .exe, .vbs, and .scr can go a long way in preventing ransomware attacks.
- Use the Show File Extension feature.
An increasing number of ransomware attacks disguise the file carrying the malicious code in a file such as Table.xlsx.exe. Turning on Windows’ Show File Extension feature completely negates these attacks.
- Employ the Principle of Least Privilege.
Ensuring that all your users have only the level of access they require to do their job can limit the damage a ransomware attack can do.
- Monitor your network.
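The two filtering rules above (flag executable attachment types such as .exe, .vbs and .scr, and catch the Table.xlsx.exe double-extension disguise) as one mail-gateway check. This is an added example, not code from the original post or from any vendor product; the extension lists and the attachment names are constructed, and the check deliberately ignores case, since Table.xlsx.EXE is the same trick.

```python
# Extensions the post names (.exe, .vbs, .scr) plus a few other script/executable
# types. Constructed list: tune it to your own mail filter policy.
DANGEROUS_EXTENSIONS = {".exe", ".vbs", ".scr", ".js", ".bat", ".cmd", ".ps1"}

# Document and image extensions used as a decoy in double-extension names such as
# Table.xlsx.exe; the decoy only works on clients that hide file extensions.
DECOY_EXTENSIONS = {".xlsx", ".xls", ".docx", ".doc", ".pdf", ".jpg", ".png", ".txt"}


def classify_attachment(filename: str) -> dict:
    """Return the verdict a mail filter would apply to a single attachment name."""
    name = filename.strip().lower()          # trailing spaces and case are not a defence
    parts = name.split(".")
    suffixes = ["." + p for p in parts[1:]] if len(parts) > 1 else []
    last = suffixes[-1] if suffixes else ""  # the extension the OS actually honours
    reasons = []
    if last in DANGEROUS_EXTENSIONS:
        reasons.append(f"executable type {last}")
    # Decoy document extension immediately before the real executable one.
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTENSIONS and last in DANGEROUS_EXTENSIONS:
        reasons.append(f"double extension disguised as {suffixes[-2]}")
    return {"filename": filename, "blocked": bool(reasons), "reasons": reasons}


def filter_attachments(filenames) -> list:
    """Return the subset of attachment names that the filter would quarantine."""
    return [f for f in filenames if classify_attachment(f)["blocked"]]


if __name__ == "__main__":
    # Constructed sample attachments from one inbound message.
    sample = ["Q3-report.pdf", "Table.xlsx.exe", "Setup.SCR", "notes.txt", "invoice.vbs"]
    for verdict in map(classify_attachment, sample):
        state = "QUARANTINE" if verdict["blocked"] else "allow"
        print(f"{state:10} {verdict['filename']}  {'; '.join(verdict['reasons'])}")
```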
Ransomware attacks are dangerous, but you’re not completely powerless against them if you catch them early enough. A strong monitoring tool coupled with appropriate network segmentation can allow you to stop an attack in its tracks. For example, you should keep weak access points such as IoT devices on a separate segment that can’t access your business-critical data.
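One concrete form of "catching it early enough": a sliding-window detector that flags any host/user pair rewriting an abnormal number of distinct files in a short time, which is what ransomware encrypting a file share looks like long before every file is gone. This is an added example, not part of the original post or of any monitoring product; the audit-event format, the thresholds and the sample events are all constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed audit-event format: "<ISO time> <host> <user> <action> <path>".
# Real monitoring tools emit their own schema; adapt parse_event accordingly.


def build_sample_log() -> list:
    """Constructed events: one normal user, one workstation behaving like ransomware."""
    base = datetime(2024, 5, 1, 9, 0, 0)
    lines = []
    # alice saves five documents over ten minutes: ordinary work.
    for i in range(5):
        t = base + timedelta(minutes=2 * i)
        lines.append(f"{t.isoformat()} ws-04 alice WRITE /shares/hr/policy-{i}.docx")
    # ws-17 rewrites forty finance files in twelve seconds: the encryption burst.
    for i in range(40):
        t = base + timedelta(milliseconds=300 * i)
        lines.append(f"{t.isoformat()} ws-17 bob WRITE /shares/finance/report-{i}.xlsx")
    return lines


def parse_event(line: str):
    ts, host, user, action, path = line.split(maxsplit=4)
    return datetime.fromisoformat(ts), host, user, action, path


def detect_mass_modification(lines, threshold=25, window=timedelta(seconds=30)) -> dict:
    """Return {(host, user): time of first alert} for principals that touch more
    than `threshold` distinct files inside any sliding `window`."""
    recent = defaultdict(deque)  # (host, user) -> deque of (time, path) in the window
    alerts = {}
    for ts, host, user, action, path in sorted(map(parse_event, lines)):  # logs may arrive out of order
        if action not in ("WRITE", "RENAME", "DELETE"):
            continue
        q = recent[(host, user)]
        q.append((ts, path))
        while q and ts - q[0][0] > window:   # drop events that fell out of the window
            q.popleft()
        if (host, user) not in alerts and len({p for _, p in q}) > threshold:
            alerts[(host, user)] = ts        # first moment the burst exceeded the threshold
    return alerts


if __name__ == "__main__":
    for (host, user), when in detect_mass_modification(build_sample_log()).items():
        print(f"ALERT {when.isoformat()} {user}@{host}: mass file modification, isolate host")
```

The alert fires after the 26th file rather than the 40th, which is the point: a host on its own segment can be cut off while most of the share is still intact.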
Ransomware attacks are prevalent for two reasons: they are simple to execute, and they bring massive financial gains to the attackers. However, they remain this dangerous only as long as they stay shrouded in mystery. The more educated your users are about them, the less effective they will become.
Preventing these attacks means putting better user guidelines in place and staying one step ahead of the current ransomware delivery methods. Additionally, IT professionals must stop treating ransomware as an unbeatable boogeyman. There are numerous methods and tactics that can be employed even once an attack is underway.
These might seem like small, inconsequential steps, but making these attacks more tedious to carry out and more difficult to propagate is how we’ll force attackers to stop relying on them.
Cyber Security Hub: Access Exclusive Cyber Security Content
Get your Ransomware Kit for resources you can share to help users learn more about ransomware.