The Dallas City Government. Colonial Oil. The UK’s Royal Mail Service. Denmark’s CloudNordic.
Ransomware is a worldwide threat, and it’s rare that a week goes by without another high-profile attack being revealed. What you won’t find in the headlines, though, are the innumerable assaults on smaller organizations, businesses that don’t have the deep pockets often required to recover from this existential threat.
Why the proliferation? A few reasons, but primary among them is the advent of Ransomware as a Service (RaaS). RaaS is essentially off-the-shelf malware available to anyone on the Dark Web. In other words, the barrier to entry into the ransomware game has been lowered dramatically.
Another significant change in the ransomware landscape is the rise of so-called double extortion attacks. Instead of simply locking down a company’s data and sending a decryption key upon payment of the ransom, the attacker in a double extortion attack also threatens to publish the stolen information on the Dark Web. This often includes the personally identifiable information (PII) of customers, but might also encompass intellectual property, the loss of which can ruin a company’s competitive standing.
A third trend is a move away from mass phishing attacks. A decade ago, a ransomware variant called CryptoLocker ran wild in a sustained attack that began in September and lasted well into the next year, affecting some 250,000 businesses. Today’s malware purveyors are much more likely to use a targeted approach, selecting businesses individually and customizing their attack strategies.
It should be noted that ransomware isn’t the only peril in the cyber landscape. Business email compromise (BEC) attacks, where a hacker pretends to be an employee, vendor or customer, are also big business, and very costly to victims.
As we’ve said for years, the best strategy for recovering from a ransomware or BEC attack is to prevent it from happening in the first place. According to one study, only 16% of victimized companies get all of their data back whether they pay the ransom or not. CloudNordic, the Danish cloud hosting firm mentioned above, will essentially have to start over, as its customers lost the vast majority of their data. One article quotes the company’s chairman as saying, “I don’t expect that there will be any customers left with us when this is over.” So when we use the words “existential threat,” we’re not exaggerating.
What hasn’t changed are the two main vectors for ransomware attacks: phishing tactics (especially emails) and insider attacks, where a rogue employee provides access in return for payment. Training your team – and updating that training on a regular basis – is your first line of defense.
Like all thieves, malware purveyors seek the easiest target. While no single solution is one hundred percent effective, a combination of procedures and practices can help to make sure your business isn’t the low-hanging fruit.
Questions about defending your business from potential attacks? Contact Hill Tech Solutions.