Ransomware attacks have more than doubled this year. This increase is particularly concerning as cybercriminals turn to powerful new forms of file-locking malware and destructive system tactics to conduct attacks that are more lucrative than ever before.
Ransomware has grown to be one of the biggest problems on the web. In the second quarter of 2019 alone, Malwarebytes reported a 363 percent year-over-year increase in ransomware attacks on US businesses. Victims can only regain access to their encrypted files and PCs by paying a ransom to the cybercriminals.
Cybercriminals are moving away from targeting individuals to focusing on businesses and government organizations. Their motivation: higher returns and access to more sensitive data that is being sold on the dark web. Just how big of a financial impact is this new wave of ransomware attacks having on US businesses? In a recent report, Coveware reported “hackers are demanding higher ransom amounts. In the second quarter of 2019, the average ransom payment increased by 184 percent to $36,295 as compared to $12,762 in the first quarter of the year.”
A New Attack Approach
“Ransomware attacks are increasing in their complexity and sophistication, often using tactics developed by nation-state cybercriminals,” says Shawn Waldman, CEO of Secure Cyber Defense. Rather than just encrypting files and servers, the new ransomware approaches are locking down entire network environments. This advanced tactic aims to prevent organizations from recovering backup data, keeping them from getting back up and running. The cybercriminal hopes that the pressure of locked-down network systems will leave victims no choice but to pay the ransom.
Industries hit hardest by the recent wave of ransomware attacks include manufacturing, healthcare, finance, education and oil and gas. IBM’s X-Force Incident Response and Intelligence Services (IRIS) Report shows half of the most destructive campaigns targeted manufacturing. Given the success of the attacks in the first half of the year, the number and variety of companies at risk will only increase.
Once attackers gain access, they hide within an organization’s network, gathering information, expanding their network access, and planning their attack. Attackers will often go to great lengths to preserve access to critical network infrastructure and backup data to buy time for getting their ransom paid or to cause as much damage as possible if they think their demands are not being met.
The Hidden Cost of Ransomware
Beyond the cost of regaining control of a company’s network, there are other hidden costs often not discussed. First and foremost is the impact on the IT and incident response teams. The IRIS report showed the average recovery time was 512 hours to handle response and remediation. Hours and costs can often be higher, particularly if a company uses multiple outside IT and security services.
Other casualties of destructive ransomware attacks were laptops and desktops. The IRIS report revealed an average of 12,000 machines requiring replacement to get employees back up and running. Depending on the extent to which a company uses mobile and IoT devices, these too may be damaged and require replacement, increasing the overall cost to a company.
The Remedy
So how are businesses and cybersecurity companies like Secure Cyber Defense developing countermeasures to protect themselves? “One of the first steps companies need to take is making sure their operating system and applications are up to date on all security patches. Often ransomware attacks target known system and application vulnerabilities to gain system access,” says Waldman. Another step is protecting data with regular backups using the 3-2-1 rule. Under this rule, multiple backup processes create three data copies, store two files in different formats, and store one copy offsite. This multiple backup approach helps a company restore data to get back up and running, often helping companies avoid having to pay the ransom.
Many organizations are turning to outside cybersecurity firms like Secure Cyber Defense to provide threat intelligence assessments to get a better sense of where potential risks exist and how to close critical security gaps. Waldman also suggests, “continuous monitoring of network behaviors allows companies to detect suspicious behaviors and patterns to proactively respond to attacks and minimize the loss of data and productivity.”
Contact Secure Cyber Defense for a cybersecurity assessment to determine your company’s level of vulnerability and to develop a coordinated Incident Response Plan.