The rise of ransomware is one of the biggest concerns to organisations today, and as we see exceptional growth in ransomware over the years, organisations are having to ask the question, if they are breached, could they recover?
What is Ransomware?
Ransomware is a type of cyber-attack where the attacker successfully gains access to your systems, encrypts your files and the data on your network and demands a ransom for them to be released. A more recent development is that confidential data is also copied by the attackers and released publicly unless the ransom is paid.
Ransomware is not a new form of attack, however, in the last few years, there has been a concerning rise and companies, of all sizes and industries, who are unfortunately falling victim to these attacks.
The techniques used for ransomware over the years have changed from a mass “hit and hope” approach from the attackers, asking for small ransoms in the thousands of pounds, to carefully targeted attacks, taking time to do as much damage as possible and asking for hundreds of thousands if not millions in ransom. This means that it is critical for organisations to keep up to date with the latest security to avoid devastating consequences.
- 48% of UK businesses have been affected by ransomware in the past 12 months – Mimecast reports.
- 50% of the organisations affected paid the ransom. (Mimecast)
- Ransomware cases grew by 150% in 2020, with the attacks not only increasing in numbers but also in size and sophistication, threat intelligence company Group-IB reported.
- The FBI’s Cyber Division reported a 300% rise in cybercrime since the start of the COVID-19 pandemic, with an estimated 4,000 attacks taking place around the world daily.
- 50% of organisations affected paid the ransom.
- Only 8% of businesses that pay the ransom are successful in getting their data back, as reported in Sophos’ “State of Ransomware 2021” report.
- 54% of organisations say cyberattacks are too advanced for their IT team to handle. (Sophos)
- The average cost of recovery from a Ransomware attack is now close to $2 million. (Sophos)
- Three quarters (73%) of Ransomware attacks result in the data being encrypted. (Sophos)
- An estimated 70% of attacks are on small businesses.
- An estimated 80% of victims who pay ransoms suffer repeat attacks (usually within six months), having proven to attackers that they are a target who will pay, report Cybereason (Tech Target)
These are some very concerning statistics, especially as we expect the attack techniques to continue to advance and adapt, with cybercriminals continuing to take full advantage of the new hybrid working environments.
How can you prevent Ransomware Attacks?
Ransomware can be spread through a variety of different methods, commonly attacks come from attachments in emails, users viewing compromised websites, downloading and using infected software, accessing external devices, or leaving network devices unpatched, but how can you avoid this from happening?
- Educate your users on Phishing techniques – Regularly educate and test your users to ensure that they recognise a phishing attempt and they do not open suspicious email attachments or click on unknown links.
- Maintain security patches across all systems and software – Regularly patching vulnerable software is an important task that will help fight against potential attacks.
- Use a password manager tool and follow password best practices – Securing the core of your organisation with password management software is a simple and effective way of bolstering your internal security measures within
- Have an immutable copy of your backup – Just backing up your data will not necessarily protect your data in the event of a ransomware attack. Having an immutable backup ensures that you have a copy of data that is always recoverable and secure.
- Maintain an updated antivirus/security software – This will ensure that your organisation will have the best and latest protection from any new ransomware threats, therefore minimising the risk.
- Having updated security software and strong firewall policies is critical, however, be cautious of any fake software, and always use a reputable company.
- Remove any unnecessary software/plugins or add-ons – Removing any plugins and add-ons that are not needed in applications will help to prevent ransomware attacks.
- Do not pay the ransom – As tempting as it may be to pay the ransom, as you are informed it’s the only way of getting your important files back, it’s best to not pay anything at all as there isn’t any certainty that you will get your data back and the attackers are likely to insist on more money or to attack again.
In a keynote speech held in June 2021, Lindy Cameron The Head of the National Cyber Security Centre (NCSC) stated that “Ransomware is the biggest cyber threat facing the UK” and that “businesses must be better prepared.”
Often when an organisation suffers an attack, they realise, when it is too late, that they were hugely unprepared. To ensure you are protected, it is recommended that you proactively evaluate the measures you have in place and have a strategic, documented plan that will ensure that, in the event, you are comprised, you can quickly recover your systems and data, with minimal downtime or cost.
Ransomware Protection Assessment
Many organisations believe they have the systems and measures in place to recover from a breach, however having an independent analysis often reveals critical areas left unconsidered, our Ransomware Protection Assessment includes a review of your:
- Disaster Recovery Plan
- Backup Systems
- Data Immutability
- Systems Monitoring
- Internal Responsibilities and Capabilities
Having worked with several organisations of all sizes, delivering cybersecurity solutions, data protection, business continuity and disaster recovery planning, our expert team of technical consultants have extensive experience in designing systems that protect business-critical data, from every eventuality.
With the rise in Ransomware attacks becoming a growing threat to every business, an increasing number of clients are requesting our guidance, to help them define strategic recovery plans in the event of a breach.
Krome offers a range of security solutions and assessments services that can help you to understand your current position, identify any gaps and strengthen your overall cybersecurity strategy, services include:
- Phishing Assessment /Security Awareness Service
- Vulnerability Assessment & Remediation
- Cyber Essentials Plus Readiness Assessment
- Ransomware Protection Assessment
If you would be interested to learn more about how our security services can help you to understand where your systems or data is most vulnerable, and the steps required to protect your business, please get in contact using the form below.