The State of Ransomware

Ransomware is one of the most profitable types of malware, reaching over $20 billion in global damages in 2021, with projections of over $265 billion by 2031. What makes ransomware so profitable is that most businesses function either entirely or partially online, and they simply can’t afford to go an extended period of time without access to their electronic data. For an attacker, this means they can be almost certain that a company will pay a reasonable price to get its information back, and this is how so many hackers make money. Most hackers demand payment in bitcoin, and because cryptocurrencies such as bitcoin have dramatically increased in value in the last few years, this further increases the profits. Let’s look at the state of ransomware and how it’s affecting businesses:

Source @safetydetectives

What is ransomware?

Ransomware is a type of malware that encrypts the victim’s machines so that none of the data is accessible to the owner. Once the data on the machine is encrypted, the user is presented with a ransom note stating that they must pay a ransom if they want their data decrypted and returned to them. This allows attackers to directly extract money from a business, and it has become one of the most popular types of malware for organized crime groups. In most cases, once the company pays the ransom the attackers will return the data, primarily because they want to encourage other people to pay the ransom and not honouring the agreement would discourage people. However, it’s not a guarantee that they will return your data to you, and even if they do, many times they will keep a copy of that information and may sell it online to other people at a later date. It’s a very difficult situation to find yourself in.

Source @extrahop

Who is being targeted by ransomware?

Ransomware can affect almost any industry and even individual people, but there are some companies that are more at risk than others. For example, government agencies are among the most frequent targets of ransomware attacks.

Source @safetydetectives

Within companies, the most common target is actually the employees themselves: a significant amount of malware is downloaded due to phishing emails delivered to employees. Currently, attackers find it much easier to exploit the human element of security than to find complex technical vulnerabilities.

Source @safetydetectives

How can you defend against ransomware attacks?

Fortunately, there are several things you can do to help mitigate the risk of a ransomware attack against your company:

1) Have good data backups: One of the best things you can have if you suffer a ransomware attack is good, reliable data backups. This way, even if your data is encrypted, it can be restored without needing to pay a ransom. It’s important that these backups are made regularly, stored offsite on a separate network, and that you have tested them to make sure they can be used to restore your data easily. It does no good to have data backups if you don’t know how to use them. This is why things like business continuity planning and disaster recovery training are important.

2) Email Security: Since most ransomware is delivered via email, you should invest in email security software that can detect malicious attachments before they get to your users. If you can flag the emails before they get to your users, then there’s zero chance for someone to make a mistake and download it.

3) User awareness training: In the event that a malicious email does make it to your users, the next line of defence is good user training that allows them to identify these malicious attachments and avoid downloading them. Hackers are constantly finding ways around software detection, so it’s important that users can identify these emails when they do make it past your software.

4) Weak Passwords: Another popular attack vector is to exploit weak passwords in user accounts. If you have internet-facing login portals that have default accounts with weak passwords, hackers can easily guess those passwords and use those accounts as an entry point into the network.

5) Patch Management: Staying up to date with your patching can eliminate a lot of security vulnerabilities, and the more software your company uses, the more important it is to make sure that it is kept up to date with the latest security patches.
