The problem of ransomware — one of the most common malware threats today — is bad and only getting worse. In recent years, the number of malicious emails has increased, the number of businesses affected has risen, and the average ransom fee has skyrocketed. Even when companies manage to get their data back, they sometimes don’t get it all and often face other issues such as significant downtime following an attack.
To make matters worse, attackers are coming up with new ways to cause trouble. As if encrypting your data wasn’t bad enough, the bad guys are now threatening to release your data to the public or get business partners to pressure you to pay, and promising to go after the personal data of company executives if they aren’t paid.
This state of affairs may make you feel scared and helpless. But there are steps you can take to fight back against these unscrupulous criminals. One thing to remember is that a ransomware attack does require someone at your company to click the wrong link. That means there’s a lot you can do in terms of education so it’s much less likely to occur. Here we get into what ransomware attackers are up to and how you can protect your organization’s valuable data.
All Companies Are Susceptible
Any company can become the victim of a ransomware attack. However, according to Norton, the following 4 groups are of particular interest to attackers:
- Groups that are perceived as having smaller security teams
- Organizations that can and will pay quickly
- Firms that hold sensitive data
- Businesses in the Western markets
The following news report shows another type of business that may be a prime target — critical infrastructure:
New Tricks
As mentioned above, ransomware attackers have extended the trouble they can cause way beyond just encrypting your data until you pay a ransom. According to TechRepublic, here are some of their latest tricks:
Vowing to publicly release the data. The criminals threaten to not only continue keeping you from accessing your data but also to publish or auction your data if you don’t pay the ransom. That means if you decide not to pay and rely on data backups instead, you could still be harmed by others being able to view sensitive information such as customer information or proprietary processes.
Contacting employees directly. Attackers may contact team members and tell them their own personal data will be leaked if the ransom isn’t paid. Often, they will target C-level leaders who have a say in whether or not the ransom is paid.
Contacting partners and customers. Attackers will reach out to affected parties and let them know their own information could be compromised if your company data is published. As a result, these organizations may feel it is in their best interest to pressure you to pay the ransom.
Enlisting insiders. Ransomware attackers may convince employees in your company to help them infiltrate the company to carry out a ransomware attack. They promise those people a portion of the ransom payment in return.
Preventing backup retrieval. The bad guys may delete your backups or change passwords on your network to prevent you from accessing them.
To Pay or Not to Pay?
If your company becomes the victim of a ransomware attack, will you pay the ransom? You may have an immediate response one way or the other, but there is really no simple answer. If you think the requested ransom is a small price to pay for your precious data, consider these facts from Gartner:
- On average, only 65% of the data is recovered, and only 8% of organizations manage to recover all data.
- Encrypted files are often unrecoverable.
- Recovering data can take several weeks, particularly if a large amount of it has been encrypted.
- There is no guarantee that the hackers won’t copy the stolen data. They could sell or disclose the information later if it has value.
On the other hand, if you think there is no way you will pay criminals for what was yours, to begin with, ask yourself what the repercussions would be if you’re unable to retrieve your information:
- How much time, money, and customer confidence will you lose?
- How much can you afford to lose and still stay in business?
- Do you have enough staff available to address this considerable issue and continue to run your business?
- What is the worst-case scenario in terms of still being able to compete in your market if trade secrets or other data are leaked?
How to Fight Back
While it may seem that ransomware attackers hold all the cards in these situations, you and your staff do have some control. Here are steps you can take to fight back against the possibility of a ransomware attack.
- Train your team. There are a few simple rules everyone should be following to avoid unleashing ransomware into your company’s network. Train your team on the red flags to look for and provide opportunities for them to practice their skills.
- Adopt a “see-something-say-something” approach. Make sure employees have someone to contact 24/7 if they see something suspicious.
- Implement a Zero Trust system. The sad truth is that anyone can be an attacker, even people within your company. A Zero Trust system forces all users to prove their identity and alert the system of their activities any time they enter the network.
- Learn the early warning signs. Monitor your network for signs that you’re about to be attacked, so you can stop it from happening.
- Back up your data. As we’ve seen, ransomware attackers have ways of preventing you from accessing even your backups. So, make sure you have at least 2 backup methods and at least one of them is offline.
- Know what you’ll do in case. No company can be 100% safe from the potential for a ransomware attack, so it’s smart to come up with a plan for what you’ll do if you become the victim of one.
There are many other steps you can take that are beyond the scope of this post. Take the time to research other measures and choose those that will work best for your company and its employees. Doing so could save you from the disastrous consequences ransomware attacks can cause.
