Cybersecurity should be a top-of-mind concern for every organization. As companies become more dependent than ever on their networks to deliver products and services, they must implement the security solutions that will keep their systems up and running, and their data available when it’s needed most. While there are many forms of cyberthreats lurking out there in the virtual dark, few of them strike more fear into the hearts of organizations than ransomware.
What is Ransomware?
A form of malware that takes advantage of an organization’s need to access its data in order to conduct business, ransomware is one of the most crippling cyberthreats an organization can face. While many viruses aim to steal sensitive data or crash essential systems, ransomware takes a different approach by encrypting files on a victim’s computer. In order to access these files again, the victim must obtain a decryption key, which the attacker is happy to provide in exchange for a “modest” fee.
Of course, in most cases, this ransom fee is anything but modest. According to research by one remediation and response firm, the average ransomware ransom in late 2019 was $41,198. That number represented a sixfold increase from 2018, with many larger companies seeing ransomware demands in excess of $1 million. To make matters worse, cyberattackers often demand that their victims pay the ransom in some form of cryptocurrency that makes the money difficult (but not impossible) to track back to the perpetrators.
More importantly, however, there’s the problem of what happens AFTER the victim pays the ransom. Most ransomware attacks provide specific instructions for how to pay the ransom and then receive the decryption key in exchange. Unfortunately, there’s no guarantee that the attackers will make good on this deal if the victim does pay up. Cybersecurity experts are split on the odds, but there’s a reasonably strong chance that the attackers will either withhold the decryption key (if one even exists) or provide one that doesn’t work. In some cases, they might partially decrypt the files before asking for additional ransom.
How Does Ransomware Work?
Ransomware can infiltrate a computer network through a variety of vectors, but the most common delivery system is through email phishing scams. This tactic sends out emails that look trustworthy and often pose as messages from official government agencies, companies, or even personal contacts. Once the victim opens the attached files or clicks on the embedded links, the malware downloads onto the system and begins encrypting files.
Unfortunately, once the files are encrypted, regaining access is next to impossible. In some cases, the malware is designed to delete files if the victim makes any attempt to access them or break the encryption. The attack is designed to leave the victim completely powerless, with only two choices: pay the ransom and take their chances that the attacker will make good on their word, or refuse and suffer massive organizational disruption.
Part of the reason ransomware is so effective is that the cost of remediating an attack can be quite steep. Setting aside the impacts of downtime that result from the inability to access critical data and applications, there are also the recovery costs to consider. The infamous 2018 ransomware attack that held the City of Atlanta hostage for a time reportedly cost the city as much as $17 million.
What are the Two Best Ways to Prevent Ransomware Attacks?
Fortunately, there are some relatively simple steps both individuals and organizations can take to protect their network systems from malware and help prevent ransomware attacks.
1. Multi-Factor Authentication
One of the easiest ways to combat the ransomware threat (and many other cybersecurity threats) is to put multi-factor authentication systems in place to make it more difficult for unauthorized users to gain access to accounts. Most accounts require only a username and password to log into a system. These are known as “knowledge factors” because they are something a user “knows” and can enter into a form field. Unfortunately, malware has a variety of tactics for uncovering this information and using it to the attacker’s advantage.
Multi-factor authentication places an additional layer of protection on a system by requiring users to provide another form of identification to access a system. This could be an “inherence factor,” or something that is inherent to the individual (usually biometric data), or a “possession factor,” which is something that they possess (like a unique text code or security token).
Implementing multi-factor authentication can significantly increase account security. Ransomware typically uses the victim’s access credentials to infiltrate broader systems, so adding another layer of protection makes it much more difficult for malware to get a foothold. According to research by Microsoft, multi-factor authentication blocks 99.9% of account hacks. Considering that the company’s Azure cloud platform sees up to 300 million fraudulent sign-in attempts every day, it’s surprising that more organizations have not made multi-factor authentication a mandatory security feature for all user accounts.
2. Anti-Phishing Strategies
Since most ransomware uses email phishing attacks to target victims and spread into networks, anti-phishing strategies are another highly effective solution every organization should implement. While there are a number of anti-phishing technologies available (such as email filters and DNS authenticators), no single solution will stop 100% of phishing attacks. That’s why it’s important for organizations to take a multi-faceted approach to combat the latest phishing tactics.
The first step, of course, should be to implement anti-phishing software solutions that identify and block as many emails containing malicious links or infected attachments as possible. These programs utilize intelligent threat detection that is regularly updated to account for the latest phishing tactics. Although public email services (such as Gmail and Outlook) are able to screen out the more obvious threats, most enterprises and small businesses should consider a more dedicated anti-phishing solution to further mitigate risk.
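The kind of check an email filter applies can be sketched as follows. This is an added example, not code from the original article or from any product: it reads the "DNS authenticators" mentioned above as SPF, DKIM and DMARC (an assumption), and the server name, domains and sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.corp.example"  # assumed name of our own receiving server


def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts, but only from our own server's header."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # anyone can add this header; ignore copies we did not write
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts


def triage(raw):
    """Return reasons a message looks like phishing (empty list: none found)."""
    msg = message_from_string(raw)
    verdicts = auth_results(msg)
    reasons = [f"{m}={verdicts.get(m, 'missing')}"
               for m in ("spf", "dkim", "dmarc") if verdicts.get(m) != "pass"]
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"reply-to {reply_dom} differs from sender {from_dom}")
    return reasons


# Constructed sample messages (not real mail).
PHISH = (
    "Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mailer.invalid;\n"
    " dkim=none; dmarc=fail header.from=bank.example\n"
    "Authentication-Results: mailer.invalid; spf=pass; dkim=pass; dmarc=pass\n"
    'From: "Example Bank" <billing@bank.example>\n'
    "Reply-To: refunds@mailer.invalid\n"
    "Subject: Invoice overdue\n\nOpen the attached invoice.\n")
CLEAN = (
    "Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass\n"
    "From: payroll@corp.example\nSubject: Payslip\n\nSee the HR portal.\n")

if __name__ == "__main__":
    print(triage(PHISH))
    print(triage(CLEAN))
```

The second Authentication-Results header in the phishing sample claims everything passed, which is why the check only trusts the header written by the organization's own mail server.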
Inevitably, however, some phishing scams will make their way through. Cyberattackers are constantly developing new strategies and tools to bypass security measures, and the odds are good that they will occasionally succeed. That’s why it’s absolutely critical for every organization to educate its employees about how to identify and report potential phishing scams. Common sense and awareness can often provide a last line of defense against ransomware and other forms of malware delivered through phishing attacks.
While ransomware represents a serious threat to both organizations and individuals, the steps that can help mitigate this risk are relatively low-cost and easy to implement. Implementing multi-factor authentication offers the strongest protection against attacks that are trying to gain access to user accounts, while anti-phishing technology and awareness can head off many attacks before they even have a chance to seek access.
The first step to combating any threat, of course, is knowing that it exists. To learn more about the potential vulnerabilities that exist in your IT network, contact the experts at DSM to schedule a vulnerability assessment.