The thought of ransomware infecting your organisation is enough to send shivers down even the most hardened businessperson’s spine. This is because ransomware is a severe threat, as Hackney Council found out in 2020. The council was infected with ransomware, with the sensitive data of residents and council staff exposed on a hacking group’s leak site.
The cyber attack wreaked havoc on the council; aside from the exposed data, staff could not use IT systems and had to turn to pen and paper during the council’s response. The cost to the council was £12.2 million. The Hackney ransomware attack is, unfortunately, not a rare event. According to the Sophos “2022 State of Ransomware” report, 66% of organisations interviewed suffered a ransomware attack in 2021.
With ransomware an impending threat, organisations must prepare to take on this insidious challenge; here are some ways to ensure your organisation does not suffer from the costs and harm of ransomware.
Ransomware: From Encryption to Compromise and Theft
In 2021, over three-quarters (78%) of organisations suffered a ransomware attack that started with a malicious email. Another report from IBM found that almost half (46%) of companies experienced more than one ransomware attack in the previous two years. Of those, 61% paid the ransom.
Once upon a time, ransomware would simply encrypt your files and documents, with a ransom note popping up on network devices demanding payment to decrypt the assets. Those days of straightforward encryption and extortion are long gone; modern ransomware works on a double-extortion basis. Not only does the ransomware encrypt your files and documents, but the malware also steals data and threatens to expose it unless you quickly pay the ransom.
Ransomware-as-a-Service (RaaS) is also making it easier for a wider community of cybercriminals to use ransomware to extort money. RaaS uses an affiliate business model: a hacking gang creates the components needed to execute a RaaS-based attack and provides the affiliate with a phishing email template, any associated spoof websites, the ransomware itself, and so on. The hacking group then takes around 20% of any ransom payments the affiliate collects, and the affiliate keeps the rest.
Some researchers predict that new variants of ransomware will turn to data corruption after stealing data; the expectation is that companies with no backup will be desperate to pay the ransom demand to stand any chance of getting their data back. The data corruption technique may also help to avoid detection by security tools, such as email gateways.
This latter capability of new ransomware variants will leave a gaping hole in technology-only responses to ransomware. This is where human-centric security awareness can help prevent ransomware infection.
How Ransomware Enters Your Network
Understanding how ransomware is installed and gains a foothold on a network helps to find strategies to protect against ransomware threats. The IBM study mentioned previously also explored how ransomware is delivered. The results show cybercriminals exploiting the human in the machine with the delivery of ransomware using the following methods:
- Phishing or social engineering (45%)
- Insecure or spoofed websites (22%)
- Social media (19%)
- Malvertisements (13%)
The results focus on the human element of cybersecurity; ransomware fraudsters target the platforms that people use most as a method of entry into an organisation. This important observation informs the best ways to protect your organisation from ransomware attacks.
Three Tips to Protect Against the Latest Ransomware Threats
Security software is essential in the fight against ransomware. However, with new ransomware strains increasingly evading detection by security software, organisations must turn to human-centric security to close the gap. Here are three tips for protecting your organisation from the latest ransomware threats:
Create a security culture
Ransomware is delivered via the manipulation of people. To fight fire with fire, ensure that your people understand how cybercriminals manipulate their behaviour and how ransomware infects devices and data stores across the network. You can build a security culture by carrying out regular security awareness training sessions across your entire organisation, including contractors and other business associates. A security culture will imbue your employees and suppliers with a security-first mindset. This will translate into practical ways to minimise the ransomware threat and mitigate the threats from phishing and other social engineering attacks.
Use phishing simulations
The IBM study shows that phishing and social engineering are still the number one way that ransomware is delivered. Use simulated phishing exercises to empower employees with the knowledge to understand how they are targeted by phishing and how to recognise the signs of a phishing email that will lead to credential theft and ransomware infection. Many ransomware attackers will use spear phishing and target specific organisational roles. Use phishing simulation solutions that provide role-based phishing simulations to focus on those most at risk.
Apply the correct technological measures
Technological measures must still be used to augment and support human-centric security. For example, tools to prevent ransomware include:
- A secure VPN for remote employees: ensure remote and home-based employees use a secure VPN to access any internet site.
- Timely vulnerability patching: keep all systems and devices patched and updated with security updates.
- MFA (multi-factor authentication): train your employees about the importance of password hygiene, and use multi-factor authentication, including biometrics and authenticator apps, wherever possible.
- Other security measures: build up your security arsenal using best-of-breed security measures to harden your network. This should include content scanning and filtering, and a web application firewall (WAF).
Ransomware is a lucrative business for cybercriminals, with estimates of ransom proceeds running into the multiple billions. Analyst firm Cybersecurity Ventures estimates that global damages to business from ransomware will reach $265 billion (USD) annually by 2031. The firm also predicts that a ransomware attack will hit a commercial business or consumer every 2 seconds by 2031. As such, all organisations must protect themselves from ransomware; by implementing the three tips discussed here, a business can stay safe from the fallout caused by ransomware attacks.