“Even the bravest cyber defense will experience defeat when weaknesses are neglected.” ― Stephane Nappo
The practice of extorting money to secure the release of something of value is not new. History is replete with examples where people (Julius Caesar), towns (Salzburg), and even body parts (Juan Perón’s) were held for ransom.
In today’s digital environment, “ransomware” has become the digital equivalent of the “ransoms of old.” Ransomware is a type of malicious software that, once downloaded onto your computer, prevents you from accessing your computer files, systems, or networks. Once your systems are infected and locked, the perpetrators demand that you pay an “unlock ransom” to regain access to your data and systems. Ransomware has become the weapon of choice for today’s cyber criminals. It appears nothing is sacred or off-limits, as ransomware is impacting every corner of our nation, including financial institutions, meat plants, gas pipelines, hospitals, schools, individuals, and both small and large businesses.
The latest high-visibility ransomware attack occurred before the 4th of July weekend, when the Russian hacker group REvil attacked the managed service provider (MSP) Kaseya. The attack took advantage of a zero-day vulnerability in Kaseya’s remote device management software and has now affected over 1,500 businesses. REvil demanded a ransom of $70 million. Notably, REvil is the same group that carried out the ransomware attack on the meat producer JBS last month, asking for a ransom of $11 million.
The Safeatlast blog identifies these “22 Shocking Ransomware Statistics for Cybersecurity in 2021”:
- Ransomware perpetrators have carried out an average of more than 4,000 attacks daily since January 1, 2016 (FBI)
- Organizations pay an average ransom of $233,217 and experience an average 19-day downtime following a ransomware attack (Coveware)
- The average cost of remediating a ransomware attack is $761,106 (Sophos)
- Cybercriminals collect their ransoms in bitcoin due to its anonymity (ECPI University)
- Experts forecast that ransomware attacks will occur against businesses every 11 seconds in 2021 (Cybercrime Magazine)
- The global cost of recovering from ransomware attacks will surpass $20 billion in 2021 (Cybercrime Magazine)
As ransomware attacks continue to grow, we must take every precaution to protect our digital resources. This includes:
- Raising employee awareness through training and education
- Evaluating the risks of using third-party services and products
- Backing up your data daily
- Ensuring all operating system, application, and security software patches are up-to-date
- Enforcing general cyber-hygiene practices
- Identifying, prioritizing, and isolating critical data assets
- Obtaining a cyber-insurance policy (although premiums are skyrocketing and ransomware coverage is dropping due to increasing attacks)
- Developing and testing incident response and continuity plans
- Staying abreast of ransomware threats and information – StopRansomware.gov is a joint U.S. Department of Homeland Security and U.S. Department of Justice one-stop-shop website for ransomware information
At the strategic level, the Biden Administration’s current ransomware strategy focuses on several lines of effort:
- Disruption of ransomware infrastructure and actors by working closely with the private sector
- International cooperation to hold countries that harbor ransomware actors accountable
- Expanding cryptocurrency analysis to find and pursue criminal transactions
- Developing a cohesive and consistent approach towards ransom payments
Additionally, the U.S. Department of State’s “Rewards for Justice” program recently announced a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure.
Every business and individual is susceptible to being a victim of a ransomware attack. Because paying a ransom does not guarantee you will have your data “unlocked” and returned, organizations must think differently and take extra precautions to safeguard their critical assets: “What would you do differently if you knew you were going to be robbed?”