Security Consulting Team
Ransomware is a type of malware that typically spreads through phishing emails and encrypts a victim’s data until a ransom is paid. Its whole purpose is to extract money from victims, and the dollar amount is commonly tied to the value of the target data. Experts estimate that ransomware will generate over $1 trillion for the “bad guys” in 2020 and could cost corporations and governments over $5 trillion to recover and clean up.
Ransomware wasn’t always headline news. In 2017 a ransomware strain nicknamed “Bad Rabbit” swept through eastern Europe. Victims were asked to pay a measly 0.05 Bitcoin (around $285) and were given 41 hours to do so or face the consequences.
Fast forward to 2020: ransomware has come a long way in the past three years and has become the #1 money maker for cybercriminals. Ransomware attacks today are common, costly, and can stop a business in its tracks.
The reasons why ransomware has become so successful are threefold:
- LARGER: Cybercriminals are getting smarter and are now going after larger targets; they know that the larger the target, the larger the ransom it is willing to pay. Ryuk ransomware demands $288,000 per incident and is used to target large organizations (254 employees). The city of Riviera Beach in Florida paid a $600,000 ransom in June 2019. (Source)
- RaaS: Ransomware-as-a-Service. Yep, you guessed it: ransomware is now being served up as a managed service that includes everything a would-be hacker needs to launch an attack, including 7x24 customer support, dashboards, and training. All a subscriber needs to do is point, click, and pay; the RaaS provider/distributor receives a portion of the proceeds. DIY kits are also available.
- SUSCEPTIBILITY: 67% of ransomware attacks originate from staff clicking a phishing email. Imagine if this were to happen to you. One little click of a link in an email could cost your organization hundreds of thousands in ransom fees and potentially millions to clean up.
Don’t be a “bad rabbit”; remember to practice good email hygiene and think before you click.
In addition to understanding the nature of the ransomware threat, organizations should prepare for potential ransomware attacks and associated implications. Here are a few suggestions:
- Test your Incident Response/Disaster Recovery capabilities, run tabletop exercises, back up your data on a regular basis, and make sure that your organization has the ability to recover quickly before an actual ransomware attack occurs.
- Use simulated phishing exercises to keep staff on their toes, and educate staff on what ransomware is and how attacks can enter an organization.
- Consider using digital certificates or deploying email authentication standards like SPF, DKIM, and DMARC, which help prevent email spoofing, i.e. the bad guys sending email on your behalf.
- If you do get infected, reach out to ransomware forensics experts for guidance. Some security professionals will advise you not to pay the ransom; those that do pay often find their files remain encrypted. After all, placing your trust in the good graces of criminals often leads to disappointment.
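The SPF and DMARC records mentioned above only help if they are configured with an enforcing policy; a record that exists but ends in `+all` or carries `p=none` still lets spoofed mail through. The following is an added example, not the Security Consulting Team's own code, that parses SPF and DMARC TXT records and reports the weak settings a reviewer would look for. The domains and records are constructed samples; in practice the strings would come from a DNS lookup of the domain's TXT record and of `_dmarc.<domain>`. DKIM is not checked here because it requires verifying a signature on an actual message rather than reading a DNS record.

```python
"""Check SPF and DMARC records for settings that leave a domain spoofable.

Added example for this post (not the Security Consulting Team's code).
The records below are constructed samples; a real check would fetch the
TXT records for the domain and for "_dmarc.<domain>" via DNS.
"""
import re

# Constructed sample records for two made-up domains.
SAMPLE_RECORDS = {
    "weak.example": {
        "spf": "v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example +all",
        "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    },
    "strong.example": {
        "spf": "v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example -all",
        "dmarc": "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@strong.example",
    },
}


def parse_spf(record: str) -> dict:
    """Split an SPF record into its mechanisms and extract the 'all' qualifier.

    The qualifier on 'all' decides what happens to mail from hosts that match
    nothing else: '+' pass, '-' fail, '~' softfail, '?' neutral. A bare 'all'
    means '+all'.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    all_qualifier = None
    mechanisms = []
    for term in terms[1:]:
        match = re.fullmatch(r"([+\-~?]?)(all)", term, re.IGNORECASE)
        if match:
            all_qualifier = match.group(1) or "+"  # default qualifier is '+'
        else:
            mechanisms.append(term)
    return {"mechanisms": mechanisms, "all": all_qualifier}


def parse_dmarc(record: str) -> dict:
    """Parse the 'tag=value' pairs of a DMARC record into a dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def assess(spf_record: str, dmarc_record: str) -> list:
    """Return a list of findings describing weak anti-spoofing settings."""
    findings = []

    spf = parse_spf(spf_record)
    if spf["all"] in (None, "+"):
        findings.append("SPF: '+all' or no 'all' term lets any host pass; use '-all' or '~all'")
    elif spf["all"] == "?":
        findings.append("SPF: '?all' is neutral and gives receivers nothing to act on")

    dmarc = parse_dmarc(dmarc_record)
    policy = dmarc.get("p", "none").lower()
    if policy == "none":
        findings.append("DMARC: p=none only monitors; move to p=quarantine or p=reject")
    if "rua" not in dmarc:
        findings.append("DMARC: no rua= address, so aggregate reports are never received")
    pct = dmarc.get("pct", "100")
    if policy != "none" and pct != "100":
        findings.append(f"DMARC: pct={pct} applies the policy to only part of the mail")
    return findings


if __name__ == "__main__":
    for domain, records in SAMPLE_RECORDS.items():
        findings = assess(records["spf"], records["dmarc"])
        print(f"{domain}: {'OK' if not findings else ''}")
        for finding in findings:
            print(f"  - {finding}")
```

Running the script flags `weak.example` twice (the `+all` SPF and the monitoring-only `p=none` policy) and reports `strong.example` as clean. Moving a domain from `p=none` to `p=reject` is normally done gradually, reviewing the aggregate reports sent to the `rua=` address first so that legitimate senders are not blocked.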
For more information, reach out to our Security Awareness Team here at Online.