Avoiding a ransomware lockout
Cybercriminals routinely attempt to hold businesses hostage with malware that encrypts data and can freeze an organization’s network. Here’s how you can make it harder for them to succeed.
Ransomware is a type of malware that encrypts data on computers, mobile devices and networks and locks users out. It allows cybercriminals to demand payment for the release of data or return of service. It can be delivered in various ways, including fraudulent emails and websites, unpatched remote network portals and pop-up warnings with phony links to technical support.
Cybercrime that leverages ransomware is becoming more sophisticated and ransomware demands are increasing. The average ransom demand in Q2 of 2021 was $136,576, with median ransom payments hovering around $47,000.¹ But it’s not just money at stake. Criminals also may threaten to release proprietary data or intellectual property they have seized to damage the fortunes or reputation of a business.
Ransomware is often a crime of opportunity. It works because the perpetrators understand that a targeted business or individual has been compromised at a time when they can ill afford to interrupt service or operations. Targeting hospitals during a pandemic, businesses that can be ruined by a few hours of downtime or cities responding to a crisis are just a few examples of this opportunism.
There is no infallible defense against ransomware. Criminals continue to refine software and access methods and may even sell particularly effective strains to less-adept hackers. But individuals and businesses can protect themselves through cyber education and, most importantly, preparedness. Organizations that develop backup and remediation plans can give themselves options that can greatly reduce the severity and length of a ransomware incident.
How ransomware attempts can succeed
Like other forms of malware, ransomware is often delivered through communications that carry the malware itself or hyperlinks to infected sources. The criminals rely on unsuspecting device users responding to prompts or following links that allow the malware to load.
As businesses and supply chains become more interconnected, ransomware is also launched through vectors such as weaknesses in third-party networks or unsecured back-ends of legitimate websites that help mobile and off-site workers access company servers.
In some cases, cybercriminals may first access a company’s network undetected. They will take time to learn how the organization operates and where its network is weakest. It may be months before they decide to launch the ransomware, but the reconnaissance can make the attempt much more effective.
Prevention begins with preparedness
Thwarting ransomware attempts begins with understanding what services and data are most valuable to an organization. If a company depends on uninterrupted service for its customers, it should explore how it could maintain service should criminals seize control of the network.
Whether a company needs to protect its finances, data, reputation or services, there are several steps to take that greatly reduce the risk and potential damage of a ransomware incident:
- Regularly back up critical systems. Critical data should be backed up daily in locations outside the primary company network. Encryption technology can provide another layer of defense for the most critical or sensitive data.
- Maintain lines of defense. Ransomware prevention and anti-virus software should be installed, and network scans should be conducted regularly. Email filters can block known sources of ransomware and spam.
- Build a formal, well-defined ransomware response plan. Companies should construct a step-by-step playbook that establishes response chains of command and describes specific actions employees must perform.
- Promote secure online interactions and organizational preparedness through training. Decision makers should educate employees about the risks of clicking on suspicious emails and using public Wi-Fi networks when working remotely. They should provide training materials that keep employees current on the digital threat landscape and, when possible, run cyber-event simulations to help develop the organization’s incident-response capabilities.