Ransomware

Ransomware is on the rise with several industries being targeted.¹ In the first half of 2023, the average ransom demand was $1.62 million.² What can you do to keep your organization safe? Stopping ransomware begins with understanding how it works and building extra protections around your data.

How ransomware works

Ransomware is the fastest-growing type of cyber threat, with threats being launched every 11 seconds.³ On average, affected businesses take more than 21 days to recover.⁴  Criminals continue to refine techniques to exploit vulnerabilities and steal credentials and have created market places to sell this capabilities to less technical criminals.

Ransomware is a form of malware that’s often introduced through business email compromise (BEC). In this scenario, cyber criminals send fraudulent emails to entice the recipient to open the message and click on a fraudulent link or attachment. Often, the criminals impersonate trusted senders, such as company executives or suppliers. Once clicked, the link can infect an entire network and hold your company’s data hostage while the criminals demand a ransom, often in cryptocurrency.

Companies can protect themselves through cyber education and, most importantly, preparedness. Organizations that develop backup and remediation plans can give themselves options that can greatly reduce the severity and length of a ransomware incident.

• Do regular backups and testing. Some types of ransomware can encrypt both backups and primary files. Build sufficient defense layers, including daily backups of critical systems in locations outside the primary company network. Encryption technology can provide another layer of defense for the most critical or sensitive data.
• Update security software and operations systems. Ransomware prevention and anti-virus software should be installed, and network scans should be conducted regularly. Email filters can block known sources of ransomware and spam. Installing the latest patches can neutralize many threats.
• Review vendor access and contracts. You’re only as secure as the third parties you do business with. Keep tabs on vendor access to your networks and systems. Ask vendors to supply an SOC 2 (Service Organization Controls) report.⁶
• Educate employees. Your employees are your first line of defense. Build their knowledge about the dangers of clicking on email links and attachments, especially for unsolicited messages.
• Use strong and unique passwords. Ensure your eligible corporate accounts are protected with unique passwords, and do not reuse your corporate credentials for personal accounts.
• Build a formal response plan. Companies should construct a step-by-step playbook that establishes response chains of command and describes specific actions employees must perform.
• Test your recovery plan. Regularly try out your ransomware response and recovery plans so you can quickly get up and running again.

¹ Michael Novinson, “The 10 Biggest Cyber and Ransomware Attacks of 2021,” CRN, The Channel Company, Dec. 23, 2021.

² https://www.forbes.com/advisor/business-insurance/ransomware-insurance-claims-hit-historic-high/

³ “Ransomware Payments Up 33% as Maze and Sodinokibi Proliferate in Q1 2020,” Coveware Ransomware Marketplace Report, Coveware, Inc., April 29, 2020.

⁴ “Ransomware Payments Fall as Fewer Companies Pay Data Exfiltration Extortion Demands,” Coveware Quarterly Ransomware Report, Coveware, Inc., Feb. 1, 2021.

⁵ https://www.coveware.com/blog/2024/1/25/new-ransomware-reporting-requirements-kick-in-as-victims-increasingly-avoid-paying#payments

⁶ SOC for Service Organizations, Association of International Certified Professional Accountants.