Remember about a year or so ago when experts believed awareness of ransomware had increased, defenses were improving, and the number of successful ransomware attacks was likely to drop? Wishful thinking.
In a previous post, we discussed why ransomware attacks, after a brief decline, should be among your top five security priorities in 2020. The FBI shares our concerns, warning organizations that ransomware attacks were becoming more targeted, sophisticated and costly. Based on recent data, the ransomware problem could be even worse than expected.
According to Coveware research, ransom payouts more than doubled from $41,198 in Q3 2019 to $84,116 in Q4 2019. To make matters worse, ransomware attackers are now demanding ransoms for exfiltrated data and threatening to release data if ransoms aren’t paid. Average downtime caused by ransomware attacks also jumped from 12.1 days in Q3 to 16.2 days in Q4.
Imagine being unable to access critical systems, applications and data for more than two weeks. Would your business survive?
Ransomware attacks typically involve a phishing email that tricks the user into clicking a malicious link, opening a malicious file, or visiting an infected website. Malware is downloaded, installed and executed, encrypting and blocking access to user data. The ransomware attacker then offers to provide a decryption key and restore access in exchange for a ransom.
The 2019 CrowdStrike Global Security Attitude Survey found that the proportion of organizations around the world that pay the ransom has more than doubled from 14 percent to 39 percent. This is a desperation move because the organization is afraid of extended downtime. However, paying the ransom only emboldens criminals to carry out more attacks with higher ransoms. Of course, criminals can also take the ransom and run without restoring encrypted systems. As a result, the FBI advises against paying ransoms.
Traditionally, ransomware attackers have targeted large enterprises that have more valuable assets and are capable of paying higher ransoms. Smaller organizations, however, particularly state and local government agencies and school systems, increasingly find themselves in the crosshairs. Two New York senators went so far as to introduce bills that ban local municipalities and governments from paying ransoms with taxpayer money.
While phishing continues to be the primary attack vector, the targeting of Remote Desktop Protocol (RDP) ports as a point of entry is becoming more common. Most organizations don’t have the resources to send staff to each location to maintain remote systems, so they rely on remote access, leaving RDP ports exposed. Also, newer forms of ransomware are able to steal browser and email credentials, a dangerous capability that threatens to compromise massive amounts of data.
There are a number of steps you can take to protect your organization from ransomware, beginning with the basics. Determine which IT systems and assets are at the greatest risk and prioritize protection based on their value to the organization. Keep your operating systems, devices, software, intrusion prevention systems, antivirus, email and web security gateways, and other security tools up to date. Limit the use of social media and other potentially high-risk websites. Implement a reliable backup strategy that allows you to restore systems and data should primary versions become inaccessible.
You should also segment your network into security zones to prevent malware from spreading to different systems. As part of your incident response plan, use advanced forensic analysis tools to identify the origin of ransomware attacks, determine how long the threat has been in your environment, and make sure the threat has been completely contained and eliminated.
Needless to say, ransomware is still a serious problem that requires urgent action. Let us help you assess your security defenses and implement the necessary tools and processes to minimize the risk of compromise.