Ransomware primarily works by encrypting files on the victim’s infected system, making them inaccessible to the user. The attacker then demands a ransom, often payable in cryptocurrency such as Bitcoin.
A recent study by Zscaler (PDF) shows that there has been a huge increase in ransomware activity and that this year is expected to be a record year for ransom payments.
Ransomware most often affects organizations that rely on immediate access to critical data, such as hospitals and municipal agencies.
Why is there so much talk about ransomware?
This increase is largely attributed to a strategy known as “big game hunting,” in which cybercriminals target fewer but more significant entities and extort much larger sums of money than before. The largest ransom payment on record was a staggering $75 million payment to a ransomware group called Dark Angels by a Fortune 50 company.
Victims of ransomware attacks are often faced with a difficult decision: should they pay the ransom to regain access, or risk permanent data loss? If the ransom is not paid, attackers threaten to expose or destroy sensitive data. While paying the ransom may seem like the fastest way to recover data, it is generally discouraged as it perpetuates the cycle of cybercrime.
Many organizations choose to negotiate with attackers through third-party incident responders or cyber insurance companies, often using cryptocurrency for payments. However, payment does not guarantee recovery and there is always a risk of future attacks or data exposure.
Also, normalizing ransom payments leads to an exponential increase in ransom demands. Last year, most attackers were asking for less than $200,000, but by June of this year, the average ransom demand had risen to around $1.5 million.
Refusing to pay the ransom signals against the profitability of cybercrime. However, organizations must be prepared for the potential consequences, including the possibility of data breaches. Experts recommend contacting cybersecurity professionals to assess the situation and determine the best course of action, including evaluating backup options and the potential impact of data exposure.
“Ransomware has recently become the biggest cyber threat to organizations. It continues to spread, targeting businesses ranging from hospitals to oil pipelines to take advantage of fears of business disruption and data loss,” says Vakaris Noreika, Head of Product at NordStellar. “To pay or not to pay the ransom is the toughest question for companies hit by cyber extortion, as they face the prospect of permanently losing access to their information.”
“Companies that agree to pay the ransom should not be singled out as victims, as they have undoubtedly faced a great moral dilemma, and surrendering to the threatening actors must have been the last resort to restore their business and protect the reputation of their customers,” Vakaris Noreika added.
However, organizations can mitigate ransomware attacks by implementing a number of cybersecurity measures.
One of the most fundamental steps is to use antivirus software and firewalls to protect every device and network within the organization. This helps prevent malware infections that can lead to ransomware attacks.
Additionally, it is crucial to keep all systems up to date with the latest software patches and updates, as cybercriminals often exploit known vulnerabilities in outdated software. Employee training is another critical component of a comprehensive ransomware defense strategy. By training staff to recognize and avoid phishing attempts, organizations can significantly reduce the risk of unauthorized access to their systems and networks.
Regular backups of important data are also essential so that organizations can restore their systems and data in the event of an attack. Encryption is another powerful tool in the fight against ransomware. By encrypting sensitive information, organizations can protect their data from unauthorized access, even if it is stolen during an attack.
Finally, in the unfortunate event of a ransomware attack, organizations should work with law enforcement and cybersecurity experts. By reporting the incident and sharing information, organizations can help authorities track down and prosecute the perpetrators, while also receiving guidance on how to mitigate damage and prevent future attacks.