© Bank of America Corporation. All rights reserved.
Cyber criminals routinely attempt to hold businesses hostage with malware that encrypts data and can freeze an organization’s network. Here’s how you can make it harder for them to succeed.
Ransomware is a type of malware that encrypts data on computers, mobile devices and networks and locks users out. It allows cyber criminals to demand payment for the release of data or return of service. It can be delivered in a variety of ways, including fraudulent emails and websites, unpatched remote network portals and pop-up warnings with phony links to technical support.
Cyber crime that leverages ransomware is becoming more sophisticated and ransomware demands are increasing. The average demand in the last quarter of 2019 was $84,116, more than double the average of the preceding quarter.¹ But it’s not just money at stake. Criminals may also threaten to release proprietary data or intellectual property they have seized to damage the fortunes or reputation of a business.
Ransomware is often a crime of opportunity. It works because the perpetrators understand that a targeted business or individual has been compromised at a time when they can ill afford to interrupt service or operations. Targeting hospitals during a pandemic, businesses that can be ruined by a few hours of downtime or cities responding to a crisis are just a few examples of this opportunism.
There is no infallible defense against ransomware. Criminals continue to refine software and access methods and may even sell particularly effective strains to less-adept hackers. But individuals and businesses can protect themselves through cyber education and, most importantly, preparedness. Organizations that develop backup and remediation plans can give themselves options that can greatly reduce the severity and length of a ransomware incident.
Like other forms of malware, ransomware is often delivered through communications that carry the malware itself or hyperlinks to infected sources. The criminals rely on unsuspecting device users responding to prompts or following links that allow the malware to load.
As businesses and supply chains become more interconnected, ransomware is also launched through vectors such as weaknesses in third-party networks or unsecured back-ends of legitimate websites that help mobile and off-site workers access company servers.
In some cases, cyber criminals may first access a company’s network undetected. They will take time to learn how the organization operates and where its network is weakest. It may be months before they decide to launch the ransomware, but the reconnaissance can make the attempt much more effective.
Thwarting ransomware attempts begins with understanding what services and data are most valuable to an organization. If a company depends on uninterrupted service for its customers, it should explore how it could maintain service should criminals seize control of the network.
Whether a company needs to protect its finances, data, reputation or services, there are several steps to take that greatly reduce the risk and potential damage of a ransomware incident:
1 Coveware Incident Response Team, “Ransomware Costs Double as Ryuk, Sodinokibi Proliferate.”
2 IBM Security, “Cost of Data Breach, 2020.”
3,4 Verizon, Mobile Security Index, 2019.
5 CyberEdge Group, “Cyberthreat Defense Report, 2020.”
6 FireEye Threat Research, “They Come in the Night: Ransomware Deployment Trends, March 16, 2020.”
7 Cybercrime Magazine, October 21, 2019.