Thanks to the recent Colonial Pipeline and JBS cyberattacks (and their subsequent impacts), you’re probably encountering the term ransomware more than you used to and it’s not hard to see why – the number of successful ransomware attacks is rising dramatically. The bad actors watch the same news you do. And they are exploiting a variety of social, economic, and psychological weaknesses exacerbated by civil unrest, porous cybersecurity postures, and the COVID pandemic. Comprehending these vulnerabilities is essential to your livelihood because here’s the truth – if you own a computer, you are potential prey. Now, more than ever, is an ideal opportunity to take a closer look ransomware and what we can do to defend against it.
What Is Ransomware?
Before learning how to fight ransomware we need to know what it is. According to the Cybersecurity and Infrastructure Security Agency (CISA),“ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.” It is a specific type of malware or malicious software that is used to extort money from victims by holding their information hostage in exchange for payment, usually in cryptocurrency. After successful encryption, malicious actors will either threaten to delete the data on the machines or sell exfiltrated data if their demand for payment (usually in cryptocurrency) isn’t paid. Effectively, your data is taken hostage.
What Dangers Does Ransomware Pose?
Let’s look at some of the devastating side effects of a successful ransomware attack.
Loss/leak of corporate and client data
If the bad guys have enough of a toehold in your systems to lock it down, there’s no telling how much information they have already stolen. And even if you pay the ransom, there’s no guarantee you’ll gain access to the data again. According to some studies, only 8% of the corporations who paid the ransoms got all their data returned.
Damage to company reputation
Getting breached is never a good look for a company, but not knowing exactly what was exfiltrated and sold makes the optics even worse. Plus, if the company provides essential goods like Colonial or JBS, the commodities will rise in price – which consumers won’t appreciate.
Financial loss
As of April of this year, the average ransom payment is little over $170,000. The current average cost for a full remediation is close to $2,000,000.
Complete shutdown of business operations
If you don’t have the encryption key, you won’t have access to anything until decryption or new systems or prepped.
Total business collapse
The remediation and ransom costs in addition to lost revenue might be enough to sink your company.
How Can You Defend Your Business Against Ransomware?
With potentially company-ending consequences on the line, how do you defend against those wishing to do harm to your company? Let’s look at just a few ways to shield yourself.
Invest in cybersecurity training
Know how the bad guys work. Learn the vulnerabilities they exploit. And embrace a company-wide, security-first mindset.
Assume breach mentality
Conduct every day like someone is already in your systems. This will help curtail bad security habits and keep you prepared for an eventuality that might never surface. But it’s better to be prepared!
Protect your emails with a filter
Bad actors routinely find ways to be invited in to wreak havoc via absent-minded clicks on “innocuous” attachments. Keep your inboxes locked down as much as possible to avoid a foothold.
Craft a remediation plan
Fortune favors the prepared, right? Cybersecurity is no different. Have a definitive response and recovery strategy. If the worst occurs, you’ll be ready to get your operations up and running as quickly as possible.
Back up your backed up backups (offline if possible)
Backup. Backup again. Then backup some more. Did we mention backing up? Be sure you have a copy of all of your essential data and keep it offline, offsite and encrypted if possible.
Keep your software patched and up-to-date
Everything from browsers to line of business applications can prove devastating attack vectors if not properly serviced. Be sure to pay close attention to new software releases, as well as reports on the latest zero-day vulnerabilities for all the apps your business utilizes.
Axxys Can Help You!
And you don’t have do any of this alone. Consider making Axxys a partner. Our personable and professional staff will provide cutting-edge cybersecurity training, monitor your network for potential threats, patch and secure your digital assets, help you develop remediation options, and make sure your data is backed up thoroughly. So when the bad actors want to take your data hostage, they’ll have to get through us and our processes first.