A ransomware attack is one of the most common and dangerous threats to consumers, companies, government agencies, hospital systems, and many other organizations around the world.
Cybersecurity experts are noticing that cybercriminals are increasingly carrying out ransomware attacks and they are becoming more sophisticated too. The latest victim was Software AG, the second-largest company in Germany. A cybercriminal gang took control of the company’s IT infrastructure, encrypted files on into internal network, and demanded a ransom of $20 million.
An independent study entitled “The State of Ransomware 2020” noted that cybercriminals normally demand six to seven-figure ransom from their corporate victims of a ransomware attack based on a survey of 5,000 IT managers from 26 countries.
The average cost to address the impacts of a ransomware attack stood at $732,520 for organizations that don’t pay the ransom. For those that chose to pay a ransom, their costs climb to a whopping $1,448,458. To be a victim of a ransomware attack is certainly costly.
In a blog post, Yaelle Harel, technical product marketing manager at Check Point, wrote, “Falling victim to a Ryuk ransomware attack is exceptionally costly to an organization. The operators of the Ryuk demand a high ransom and in some cases, even paying the ransom is not enough to regain a company’s access to sensitive or valuable data.”
Ryuk is ransomware, a form of malware that encrypts a victim’s files, utilized by the TrickBot gang in targeted attacks against organizations around the world, forcing them to pay extremely high ransom payments in Bitcoin.
“As a victim of a ransomware attack, you are on the horns of a dilemma. You have to choose between paying the ransom and self-recovery,” he noted.
This is certainly not the type of problem, any person or organization wants to encounter. Deciding not to pay or make a ransomware payment is difficult and risky. There is a possibility that a person or entity could end up violating Foreign Assets Control (OFAC) regulations by making ransomware payments to cybercriminals who are included in the agency’s sanction list.
So how can you defend yourself, firm, or organization from cybercriminals and avoid becoming a victim of a ransomware attack? Below are some general good practices you can do.
Tips to consider to reduce risks to ransomware attacks
- It is crucial to obtain training and learn how to identify and avoid ransom attacks. Take note that cybercriminals usually carry out their attacks using a targeted email that does not even contain malware. However, such e-mail is socially-engineered, encouraging users to click a malicious link. Cybersecurity experts believe that user training is one of the most important defenses any entity can and must do.
- Maintain regular back up of data. It is important for every consumer, company or organization to regularly backup their data. It is advisable to do it as part of a routine process to prevent data loss.
- Patching is also a critical step in defending the organization against ransomware attacks, as cyber-criminals usually check for the “latest uncovered exploits in the patches made available and then target systems that are not yet patched.”
“It is critical that organizations ensure that all systems have the latest patches applied to them as this reduces the number of potential vulnerabilities within the business for an attacker to exploit,” Check Point said.
4. Revving up security solutions. Always remember that anti-ransomware solutions and anti-virus software also helps defend your computer network against any or even the most sophisticated ransomware attack. These solutions or software also help in the recovery of encrypted data.
According to Checkpoint, “Conventional signature-based anti-virus is a highly efficient solution for preventing known attacks and should definitely be implemented in any organization, as it protects against a majority of the malware attacks that an organization faces,” it said.
The other one is network protection, which offers advanced technologies such as sandboxing which have the “capability to analyze new, unknown malware, execute in real time, look for signs that it is malicious code and as a result block it and prevent it from infecting endpoints and spreading to other locations in the organization.”
Microsoft together with its international partners recently stopped a massive and dangerous hacking operation called Trickbot, one of the world’s most infamous botnets and prolific distributors of ransomware.
Have a story you want USA Herald to cover? Submit a tip here and if we think it’s newsworthy, we’ll follow up on it.
Want to contribute a story? We also accept article submissions – check out our writer’s guidelines here.