Of all the different types of malware, ransomware has become one of the most damaging. Companies often find their operations at a standstill when ransomware infects their network, and too many of them end up paying the ransom to get their data back.
While spyware, viruses, and adware are all bad and can disrupt your business, ransomware is the threat that can immediately stop all operations, costing companies hundreds of thousands of dollars.
Ransomware is also one of the business threats that has been exploding in growth. Attack numbers are up, ransom demands have increased, and remediation costs also keep going up each year.
Over the last 12 months, remediation costs for ransomware have more than doubled, from CA$955,542 (US$761,106) to CA $2.32 million (US$1.85 million).
What’s caused ransomware to become so prevalent and costly? There are several causes that all combine to create a snowball effect.
A Majority of Companies Pay the Ransom
An average of 57% of companies pay the ransom when infected with ransomware. That’s a very good payout ratio for criminals.
Because there is a good chance that a victim will pay anywhere between several thousand to several million dollars in ransom, criminal organizations and state-sponsored hacking groups have found ransomware to be a good money-maker for them.
The attractiveness of ransomware to get a quick payout has caused many hackers and criminals to gravitate to this form of cyberattack, thus increasing attack numbers.
Additionally, as victims continue to pay the ransom, the attackers incrementally raise their ransom demands to see how much they can get away with.
Companies Often Have No Incident Response Plan
Even large companies like JBS (the world’s largest producer of beef and pork) can neglect IT security best practices, such as having an incident response plan. That company was hit with ransomware at the end of May and ended up paying CA$13.8 million (US$11 million) to the attacker so they could reopen factories and regain full operations.
Even small businesses should have an incident response plan, which includes the following:
- A breakdown of the different types of crisis events that can happen (ransomware attack, natural disaster, etc.)
- A step-by-step guide on what to do if any of those events occur
- A backup and recovery system that is tested regularly (including doing full data restore for practice)
- A chart explaining who will do what and how notifications will be made
With an incident response plan in place that is practiced regularly, companies are much less likely to need to pay an attacker. This is because they not only have the structure in place for fast recovery but also a team that is well-practiced to execute it.
Criminal Organizations Are Offering Ransomware as a Service (RaaS)
Because of the profitability of ransomware, large criminal organizations have taken it a step further. In addition to conducting their own ransomware attacks, they now sell it as a service.
Ransomware as a Service (RaaS) packages ransomware code and other assets like phishing emails and phishing sites together in a DIY package for novice online criminals.
It’s run much like online cloud Software as a Service (SaaS) tools, including the ability to subscribe for a low monthly price, available helpdesk support, and more.
RaaS now accounts for nearly two-thirds of all ransomware attacks.
Now that a person doesn’t even need to know how to write code to conduct a ransomware attack, more wannabe hackers have jumped onboard, further increasing the danger to businesses.
The Disruption of the Pandemic & Less-Secure Remote Workforce
The disruption of the pandemic and a less secure remote workforce have also fueled the rise of ransomware. While companies were adjusting to a completely new extended network environment, attackers took advantage of disconnected workers through targeted phishing campaigns.
Work-from-home employees are connected to company cloud accounts and networks remotely, so a ransomware attack on a remote worker’s computer can easily infect an entire company network.
How to Protect Your Business from Ransomware
Here are several best practices to have in place to defend against a ransomware attack:
- Keep all employee and office devices updated and patched
- Use email filtering to block phishing emails
- Use DNS filtering to block malicious websites
- Have a backup and recovery system that is checked and tested regularly
- Conduct ongoing employee security awareness training
- Have employees that work remotely or are traveling use a VPN
- Use a network firewall
- Ensure all employee devices have a reliable antivirus/anti-malware
- Run incident response drills regularly
- Have a response plan in place that employees can follow in the event of an attack
Simplify Your Cybersecurity with Dynamix Solutions
Dynamix Solutions offers state-of-the-art cybersecurity solutions that can help your Toronto or Calgary business simplify a holistic security strategy that protects you from ransomware and other online threats.