What is ransomware?
Ransomware is a type of malware that locks and encrypts your computer or device before demanding a ransom to restore access.
Your files and data are effectively held hostage. They’re inaccessible until you pay the attacker to unlock them, or you remove the ransomware from your system.
Of course, the best scenario is to prevent an attack in the first place. It saves immense stress to your people and lost productivity due to inevitable downtime. Not to mention the financial blow, should you choose to pay.
There have been several notable attacks during 2021. Darkside targeted larger organisations such as Colonial Pipeline in the USA. Meanwhile, Revil and Sodinokibi were blamed for a cyberattack on JBS, the world’s largest meat packer.
But it’s not just a problem for large corporates. Any sized business in any country can suffer a ransomware attack.
How can ransomware harm your organisation?
150%. That’s the reported growth of ransomware attacks during the first half of 20211
Not surprisingly, the head of the National Cyber Security Centre (NCSC) recently called ransomware “the most immediate danger” to UK businesses in cyber-space.
Not surprisingly, the head of the National Cyber Security Centre (NCSC) recently called ransomware “the most immediate danger” to UK businesses in cyber-space2.
Becoming infected with ransomware malware is incredibly debilitating for your entire organisation.
It can hamper daily processes you rely on. It can damage your customer service. And your productivity will fall.
A ransomware attack can harm your reputation too. Especially if you’re responsible for holding sensitive customer information.
How does ransomware work?
Whilst ransomware can access your system in several ways, the two most common methods are phishing and unprotected servers.
Phishing
Taking advantage of human error, an individual can mistakenly download malware from opening an email attachment or downloading a link which happens to come from hackers.
Phishing emails are incredibly convincing and even the most vigilant person risks being caught out. It’s a tall order to rely on your whole team to get this right. Many organisations put controls in place to catch phishing emails before a mistake is made.
Unprotected servers
Seeking to undermine technical gaps in protection, attackers look for delays in implementing patches (even by a few days), unrestricted access points, and weak firewalls.
It’s a constant battle for IT departments to keep on top of this. And patches often require testing before implementation – some delays are inevitable.
Once the malware has got onto the victim’s computer, hackers take it over and demand their ransom, demanding payment in various ways. Most commonly, they request a cryptocurrency as it’s much harder to trace.
Why are ransomware attacks on the increase?
One reason we’re seeing far more ransomware attacks is because the software has become far more accessible. Ransomware-as-a-Service (RaaS) offers an affordable subscription (from as little as $50) to allow use of already-developed ransomware tools. They’re basic, but they can do harm.
The malware variants used for ransomware attacks also have a short lifespan. This means they’re much harder to detect. In a matter of days, they can evolve into a new variant.
Agile and adept, traditional malware detection methods are insufficient in these instances.
The pandemic impact
What about the impact of recent lockdowns and the need for so many of us to work remotely?
The rush to work from home left IT prioritising urgent accessibility. Sometimes to the detriment of security. These two factors have different objectives. IT wants availability first. Security wants everything secure first. Under pressure, accessibility becomes the priority to remain operational.
When teams work together, face-to-face, security education is easier to achieve. Regular cyber-aware discussions reinforce best-practice. When people work from home, they’re more isolated from this aspect of security.
During the pandemic, having fit-for-purpose technology took centre stage. Whatever it took to work from home. As a result, holes appeared in some corporate networks as employees accessed from home IP addresses and didn’t use VPNs or adequate manual security protocols.
This created a huge opportunity for cyberattackers. ABC News reported malicious emails were up 600% in 2021 due to COVID-19. And ransomware attacks – small and large – became far more prevalent.
Thankfully, many organisations are fixing outstanding holes in their security with the help of specialist cybersecurity support. Far better to avoid an attack in the first place.
What does the future hold?
There’s no doubt. Ransomware attacks are here to stay. Cybercrime has become extremely organised, often run like a business.
The potential gains are huge, whilst the risks of being caught remain low.
The largest known pay-out in 2021 (to date) has been $40 million. Even the average known ransom for a mid-sized organisation is high at $170,404
Compared to carrying out a bank robbery, the risk for attackers is low. What with slow detection methods and cross-country laws, it’s incredibly hard to catch the perpetrator.
Given such a picture, businesses must step up to protect themselves from ransomware attacks. Prevention is far better than cure. It’s key to have an understanding of how ransomware works and how it can be stopped.
The largest known pay-out in 2021 (to date) has been $40 million
How can LRQA help?
Every organisation requires different support, so our starting point is a Ransomware Readiness Assessment.
Using our in-depth knowledge about how cyberattackers attempt to place malware in your systems, we look for gaps in your security.
This includes technical controls such as anti-virus software, end-point detection, and your incident response policy. We also look for weak spots in your processes and people.
For example, do you have a security reporting protocol in place and are people following it? Should their computer act strangely, do they know who to tell – and is it investigated?
Following assessment, we help you strengthen your defence against ransomware attacks and plug the gaps. This might include our 24/7 monitoring service or installing an Endpoint Detection and Response (EDR) security solution.
Whatever your ransomware concerns, contact us to become one step ahead of the attackers and protect your business interests.
If your organisation is experiencing a security incident such as a Malware or Ransomware attack right now and you need immediate assistance LRQA have the Incident Responders to help.