You’ve heard it time and time again, COVID-19 changed the world. Although the full impact of the pandemic is not yet understood, we do know that it enhanced the business of ransomware significantly. So, to protect your organization from attack, you must adapt faster than the hackers (daunting, we know). To learn more about how COVID-19 has amplified “the business of ransomware”, and how you can prepare your organization for the attack, continue reading below.
“Never before in the history of humankind have people across the world been subjected to extortion on a massive scale as they are today.” - Symantec
What is Ransomware?
Ransomware made its grand debut in 1989 via floppy disks. Yes, you read that correctly, FLOPPY DISKS, but the more modern kind that we know today began in 2005 with Trojan.Gpcoder. As the name implies, ransomware holds an individual or an organizations data hostage by encrypting that data and not providing the encryption key until a ransom is paid, usually in cryptocurrencies. No industry is safe with malicious actors targeting commercial organizations, financial institutions, higher education and even government. These attacks can result in major costs that involve lost productivity, lost revenue, response costs, reputation damage, and cleanup costs; not to mention the payout cost should you choose to pay it. Later, we will discuss how to protect your organization from having to do so.Common Delivery Methods
According to Group-IB in 2020, “Remote Desktop Protocol (RDP) servers were the most used vector to gain initial access (52%), followed by phishing (29%), and exploitation of public-facing applications (17%).”
Some other common ways that attackers get access to data include:
Lack of end-user cybersecurity training
Weak passwords/ access management
Malicious websites/ web ads
Poor user practices/ gullibility
Spam/ Phishing emails
COVID-19 & Ransomware
2020 was a blur for many of us, with one unfortunate circumstance after another affecting our lives. Although where most see crisis, cybercriminals see opportunity.
“Ransomware attacks grew by more than 150% in 2020. The average ransom demand increased by more than twofold and demands at the top of the cyber-extorsion scale exceeded $1 million.” Group-IB
How did the pandemic fuel the ransomware business?
Remote Work: With the influx of employees working remotely with little to no notice, there was a sudden increase in unmanaged devices with secure information on them. This gave a new opportunity for hackers to prey on users that were now even more vulnerable. Individual employees became the gateway to organizations critical data.
Overwhelmed Employees: COVID-19 hit so suddenly that many businesses couldn’t prepare for what was to come. Many were laid off due to extreme budget cuts, and those that remained were given the extra workload to make up for it. With that came gaps in protection from ransomware because IT teams were overwhelmed, mostly trying to ensure that the newly remote staff could continue doing their jobs.
Budget Cuts: Along with employees being laid off to help offset revenue losses, most departmental budgets were either put on hold or cut. No one knew how long quarantine or the pandemic would last, so organizations had to make the cuts they thought were necessary due to a sharp decrease in revenue in numerous industries. For many, this meant that their technology became outdated with little-to-no budget or staff for implementation and maintenance, fewer security measures, less monitoring, etc. This left organizations with major vulnerabilities, ripe for a ransomware attack.
One sector that was majorly affected was the medical industry. Of course, during a global health crisis hospitals need their systems up and running more than ever, and attackers knew this. One of the most prominent ransomware versions used was Ryuk, attributed to the hacker group WIZARD SPIDER, which hit at least 235 hospital and patient care facilities (so far) during this pandemic. Hackers saw the perfect opportunity to hit an industry that would most likely pay a ransom out of a dire need to remain up and running.
Best Practices to Prevent Payout
With the ever-increasing threat of ransomware, it’s not a matter of if you will get hit, but when, and how you respond to a threat can determine how much your company will lose. The cybersecurity industry all but agrees on one thing though, you should never pay the ransom. But a lot of businesses struggle with that idea because sometimes the ransom is cheaper than the amount of money they are losing in downtime. However, paying the ransom only fuels hackers as they continue to profit off desperate organizations. Not to mention, nothing stops them from accepting your (likely) large payment and then not giving you the decryption key to retrieve your data.
So, how can you prevent having to pay the ransom?
Backups: Backups of your critical data give attackers a lot less leverage; rather than pay up, victims can restore previously saved data with minimal loss. But make sure that you have a third copy of your data offsite because if the primary site and onsite backups are compromised, you’ll need the offsite copy for any hope to restore.
Review and exercise your incident response plan now: Instead of scrambling and impulsively paying the ransom out of fear, you need to have a solid disaster recovery and business continuity plan in place for a ransomware attack (like you do for natural disasters).
Work with a Managed Services Provider: Managing IT can be a burden, especially for small and mid-size organizations. A reputable Managed Services Provider can help maintain and monitor the security of your data and assist in recovery in the event of an attack or breach.
How DSM Can Help
Since April, researchers at CPR have seen an average of over 1,000 organizations being impacted by ransomware every week. With numbers like that, protection has never been more critical. Wouldn’t it be nice to have peace of mind knowing that your data is secure?
When you partner with DSM, you can. Our team of experts (available 24/7/365) can help your organization implement a data security strategy designed specifically for your business. If you want to learn more about how we can safeguard your data, AND your wallet, contact the experts at DSM today.