Ransomware attacks are on the rise, with high-profile cases including attacks on Cleveland Hopkins Airport and the City of Akron showing just how devastating one of these attacks can be. The recent ransomware attack on Baltimore had widespread, long-lasting implications for both the government organization and individual residents.
But what exactly is ransomware, and why are there so many attacks?
The term “ransomware” comes from the fact that hackers hold important data captive until payment is provided or another demand is met. Targeting organizations like hospitals, local and regional government, and other businesses, attackers go into a system or network, inject malicious code, encrypt the data, and withhold the key until a ransom is paid.
Impact of Ransomware Attacks
For an individual organization that is attacked, the cost can range from thousands to millions of dollars, including the ransom itself, the damage caused by the attack, and the recovery.
According to Cybersecurity Ventures, ransomware damage costs are projected to reach $20 billion globally by 2021 — up from $325 million in 2015. The number one target? Healthcare organizations. Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 11 seconds by 2021, with damage costs growing more than 57x between 2015 and 2021.
Healthcare organizations and local and regional government organizations (such as municipalities, school districts, etc.) stand to lose a lot if their data is compromised or lost. That’s what makes them a huge target: hackers know that these organizations will be desperate, and more likely to pay the ransom, if the stolen data is vital or the information is inaccessible. For healthcare organizations, it could literally be a matter of life and death.
Aside from financial implications, daily operations are interrupted when a ransomware attack occurs. Productivity is lost, deadlines are missed, or more importantly, lives are at stake. Consider municipalities and financial organizations whose systems are locked down. People who are buying a house, paying bills, or paying a parking ticket are unable to do so. If hospital systems are compromised, vital data such as charts and insurance approval are inaccessible.
Being Prepared for a Ransomware Attack
Getting out in front of a potential ransomware attack and putting the right systems and policies in place can significantly mitigate the risk. One of the best ways to prepare for an attack is to have multiple backup locations for your data.
Many companies are backing up data to the cloud, believing it to be the safest bet. But any system — including the cloud — that is connected to a business network is at risk once a hacker infiltrates the network.
Though it may seem archaic, offline backups can be a safer solution in this circumstance. Tape, flash, or disk storage are all viable options for physical data backup.
Because offline or physical backups are subject to other threats (such as damage, fire, etc.), it can be better to have multiple backup points. That way, you have an offline copy if your company falls victim to a ransomware attack, and a cloud-based backup if there’s physical damage to a data center.
Another vital step to prepare for ransomware attacks is to educate your team. The whole organization should be aware of what ransomware and other malware risks are, how they could affect your data and your business, and ways to mitigate those risks. Train them on recognizing malicious hacking attempts via suspicious links, emails, or URL-hijacking to reduce the possibility of an employee clicking on or downloading a disguised ransomware attack.
Also, consider implementing a good endpoint security system. Endpoint security is essentially an anti-virus-like protection solution that tries to prevent malicious code from running on your system — and malicious actions from being taken on your system.
Endpoint security ranges from basic antivirus protection and network firewalls to port controls, app controls, deception technology, and more. Endpoints are no longer limited to desktop computers; they now include IoT devices, mobile devices, tablets, etc. (many of which are personal devices that cross into company use). That means there is more to keep track of, and a more robust endpoint security plan is necessary to reduce risk.
Finally, have a plan in place if you do end up being attacked. An Incident Response Plan (IRP) can reduce the impact if you train your team on the exact steps to take and in which order.
What to Do in Case of Attack
No matter how many preparatory steps you take, there really is no way to remove 100 percent of the risk for a ransomware attack. But you can lessen the impact should an attack occur.
The IRP mentioned above is your key to reducing the amount of damage a ransomware attack can cause. An IRP not only forces you to think through what you need to do after an attack but also lays out the steps in clear language that your team can easily follow during crisis mode.
When an attack occurs, it’s common for employees (and leaders) to feel panicked. A documented IRP takes the guesswork out of the plan of action and tells people what to do. It takes the burden off of employees to remember what needs to be done.
If you’ve successfully diversified your data backups, you should not have a complete and total loss. Factor into your IRP how to get vital data accessible again without exposing it to vulnerabilities while the attack is being neutralized.
Many companies will need to issue PR communications to the media to notify the public of the attack, its implications, and, when available, its resolution.
Reach Out for Assistance
Companies don’t always have the luxury of having a robust security team, or even a strong IT team to help with mitigating risk, preparing for potential attacks, or responding appropriately should a ransomware attack occur.
If your team needs expert advice, more information on ransomware risks and vulnerabilities, or help with implementing an IRP, contact MRK for a personalized discussion. Our CISOs for hire can work through the best ways to prepare your organization and lessen the impact of a potential ransomware attack.