Ransomware attacks are one of the most widely acknowledged cyber threats in the world. High-profile incidents make the news almost every day, so it should come as no surprise that ransomware is one of the most common causes of cyber insurance claims.
The low-effort, high-reward nature of ransomware crimes is an appealing business model for bad actors. Not only has the frequency of these incidents been steadily increasing over the last few years, but their focus has shifted from consumers to businesses. Understandably, there’s significantly higher risk (and much deeper pockets) for companies, who often end up paying an average ransom amount of roughly $150,000 per incident.
As the ransomware business model has become more sophisticated, the ransom demands have skyrocketed. At Coalition, we’ve seen extortion demands jump from an average of less than $10,000 across earlier strains of ransomware, including SamSam and Dharma, to over $100,000 in 2019 with the introduction of Bitpaymer and Ryuk. These demands are even higher alongside newer threats such as Sodinokibi.
The highest demand witnessed year-to-date totaled over $6 million.
As with all cyber risk, organizations are never able to entirely prevent these attacks — but you can manage the risk you experience as a business. The risk associated with ransomware attacks can be mitigated by using a thoughtful data backup strategy. Which, thankfully, is less complicated than it sounds.
Ransomware is a specific category of cyber attack where malicious software is covertly installed on a computer with the goal of making some or all of its files inaccessible (removed from the computer, encrypted, etc.) These attackers are motivated by large payments, the collection of sensitive data, reputational harm, and overall destruction.
The malicious actor often leaves a message providing instructions for how to regain access to your files, usually in the form of a ransom note.
There are multiple ways attackers gain access:
Unfortunately, you can (and should) always assume that hackers are passively searching for companies with publicly accessible security vulnerabilities. This means that you should always be on alert.
Your business may be more at risk than others simply by virtue of your industry. When assessing potential payoff, hackers are thinking about the type of data you have, how sensitive the information is, and the value of that data (to you and others).
Businesses that may be high risk are:
In order to best protect your business against the risk of ransomware, you’ll need to develop a strategy that’s tailored to your business.
80% of ransomware incidents may have been prevented by the company having implemented two-factor authentication (2FA) or protecting their remote desktop access protocol with a Virtual Private Network (VPN). We also suggest implementing security awareness training for staff, which will help everyone keep their eyes open for suspicious activity.
Think comprehensively about all the data residing in your systems across teams like Sales, Finance, Marketing, and Operations – particularly data needed to interact with clients or other team members.
After stack-ranking your data, try to assess the cost of the best and worst-case scenarios. It’s helpful to consider the following:
The danger of ransomware attacks is that you’ll no longer have access to the information that your business needs. By assessing what that data is, and where it's stored, you can set up an effective contingency plan.
Maintaining updated backups of your data is key, but not all backup methods are created equal. We recommend using offline backups to store critical data completely separate from the primary network. Cloud backups with a username and password combination not associated with an organization’s domain are another alternative.
Our claims data suggests that onsite software backups are, by far, the least effective. Attackers are familiar with many of onsite backup methods and know exactly how to corrupt or delete them.
Keeping your data safe means you need to find a secure, easily-accessible means of storing it. We recommend the following providers for secure cloud storage:
While selecting a storage option won’t take too long, setting up a reliable backup solution will require more thoughtful planning.
Based on how much data you have, and how critical it is, you’ll want to consider:
Ransomware events are extremely disruptive to organizations. While the best cure is to avoid ransomware infections in the first place, the best way to recover from a ransomware attack is by having good backups.
There are many cloud options available, but the most important criteria are that access is not limited to a single device, your local computer cannot delete files within that storage solution, and that it works for your business – even if that means your backup solution consists of a weekly manual backup to a USB thumb drive.
If your organization is experiencing a cyber incident, Coalition’s team of in-house security experts is available 24/7/365 to help you recover! If you believe you have been infected by malware, contact Coalition immediately for breach assistance.