High-profile ransomware events are becoming an increasingly common occurrence for all businesses. Last month, President Joe Biden warned again that Russia might be preparing to wage cyberattacks against the United States in retaliation for the U.S. and its NATO allies’ economic sanctions against Moscow. As large-scale attacks continue to create eye-popping headlines about how easily cybercriminals can cripple critical infrastructure, hospitals, and schools, it is easy to forget most attacks target everyday business owners. Statistics show that ransomware attacks have grown by more than 170% since 2020, and there are no signs that things will improve in 2022.
Ransomware cyber insurance
Organizations are increasingly opting for cyber insurance coverage to help mitigate these potential risks. According to the U.S. Government Accountability Office, companies opting for cybersecurity coverage grew from 26% in 2016 to 47% in 2020. Furthermore, insurance premiums are rising across the board, with many companies seeing up to 30% increases.
Successful breaches breed more attacks
Ransomware typically enters a company via a phishing attack or a compromise of a vulnerable system deployed on a network’s perimeter. The infection spreads via exploits (code that takes advantage of a software vulnerability or security flaw) or open shares, encrypting essential data as it jumps from machine to machine, after which cybercriminals withhold the encryption key and threaten to publish sensitive data unless a ransom is paid.
The attackers, many of whom are part of sophisticated and organized groups, often provide a step-by-step guide for the targeted company to transfer ransoms in cryptocurrency, sometimes in the hundreds of thousands or millions of dollars. Sadly, when faced with costly downtime and the downstream effects of having sensitive data made public, many companies comply with the attackers’ demands. Paying the ransom, in turn, incentivizes more attacks, perpetuating the cycle of crime.
While U.S. law enforcement has typically urged companies not to pay the ransom, it has yet to decide to ban such payments altogether (though the U.S. Department of the Treasury’s Office of Foreign Assets Control regulations prohibit U.S. companies from paying up if they suspect the attackers of being covered under the OFAC cyber-related sanctions program).
Bring in the experts—with caution
Most organizations are not equipped to handle a ransomware attack appropriately without expert help, so they should immediately call in reputable security consultants with extensive ransomware remediation experience. These experts can often find flaws in the ransomware or recover the keys to decrypt data without paying the ransom.
This requires specific knowledge and experience from experts specializing in malware reverse engineering and breach analysis. These internal and external experts should be identified in company policies, as should the next steps for the team when a breach is identified.
Prevention and Mitigation
Fortunately, there are many practical things a company can implement to avoid or mitigate a ransomware attack in the first place:
1. Train all employees to identify and report phishing and weaknesses in security controls.
2. Establish and continually update the baselines of the expected behavior of devices, including their communications flow.
3. Implement real-time visibility for every connected device in the organization to understand risks and be alerted if an unknown device or attacker is on the network.
4. Automate policies on existing security and networking infrastructure to quickly address an infected device, or a device communicating with a ransomware command-and-control (C2) server, via quarantine, port shutdown, or session termination policies.
5. Deploy secured backup tools that can prevent or soften the harm of an attack.
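Items 2 through 4 can be combined into a single check, shown here as an added example that is not part of the original article: build a per-device baseline of communication flows, then map deviations to an alert, port shutdown, or quarantine decision. The device names, flow records, blocklist entry, and fan-out threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records: (device, destination IP, destination port).
BASELINE_FLOWS = [
    ("hr-laptop-01", "10.0.0.5", 445),
    ("hr-laptop-01", "10.0.0.9", 443),
    ("badge-reader-02", "10.0.0.9", 443),
]
OBSERVED_FLOWS = [
    ("hr-laptop-01", "10.0.0.9", 443),         # matches baseline
    ("hr-laptop-01", "10.0.0.6", 445),         # one new file share
    ("badge-reader-02", "203.0.113.7", 8443),  # blocklisted destination
    ("badge-reader-02", "10.0.0.5", 445),      # new SMB peers: spread over shares
    ("badge-reader-02", "10.0.0.6", 445),
    ("unknown-cam-03", "10.0.0.9", 443),       # device with no baseline
]
C2_BLOCKLIST = {"203.0.113.7"}  # hypothetical threat-intel entry (documentation range)
SMB_FANOUT_LIMIT = 2            # assumed threshold of new SMB peers per device
PRIORITY = ["alert", "port_shutdown", "quarantine"]  # least to most severe

def build_baseline(flows):
    """Map each device to the (destination, port) pairs seen in normal operation."""
    baseline = defaultdict(set)
    for device, dst, port in flows:
        baseline[device].add((dst, port))
    return dict(baseline)

def evaluate(baseline, observed, blocklist=C2_BLOCKLIST):
    """Return {device: (action, sorted reasons)} for every device off its baseline."""
    reasons = defaultdict(set)
    new_smb = defaultdict(set)
    for device, dst, port in observed:
        if device not in baseline:
            reasons[device].add(("alert", "unknown device"))
        elif dst in blocklist:
            reasons[device].add(("quarantine", f"C2 contact {dst}:{port}"))
        elif (dst, port) not in baseline[device]:
            if port == 445:
                new_smb[device].add(dst)
                reasons[device].add(("alert", f"new SMB peer {dst}"))
            else:
                reasons[device].add(("alert", f"new flow {dst}:{port}"))
    for device, peers in new_smb.items():
        if len(peers) >= SMB_FANOUT_LIMIT:
            reasons[device].add(("port_shutdown", f"SMB fan-out to {len(peers)} new peers"))
    return {
        device: (max((a for a, _ in found), key=PRIORITY.index), sorted(r for _, r in found))
        for device, found in reasons.items()
    }
```

Calling `evaluate(build_baseline(BASELINE_FLOWS), OBSERVED_FLOWS)` returns one decision per deviating device; in practice the returned action would be handed to whatever enforcement point the network already has.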
The most important thing an organization can do to prevent ransomware attacks is to take proactive risk mitigation actions. When a potentially multi-million-dollar ransom is on the line—not to mention a company’s reputation—the most experienced security experts must work on the problem as quickly as possible and follow a comprehensive recovery plan and backup strategy. Protecting businesses by implementing correct cybersecurity protocols and cyber insurance coverage is increasingly necessary for all business types, from small to large. In addition, companies should actively assess their cyber risk profile and protect themselves from residual risk.