You hear news reports almost daily about ransomware taking down organizations around the globe. Cyber Security Ventures estimates a new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021.
What is ransomware?
Ransomware is a type of malware which takes full control of your system and requires a ransom payment to regain access. In some cases, ransomware threatens to publish confidential data unless a ransom is paid. Norton breaks down the different types of ransomware – Cryto malware, Lockers, Scareware, Doxware and Ransomware as a Service (RaaS).
Stages of a ransomware attack
Ransomware attacks can be broken down into four different stages. What starts off as a simple click in an email, or a download from the internet, or a website visit, can very quickly lead to a whole lot of trouble and enormous expense.
Stage 1 – Phishing
One of the most popular ways for cybercriminals to access your system is a phishing email. Statistics indicate 1 in 25 branded emails are phishing emails. Avanan, a cyber security platform, reports the two most popular brands phishers pose as are Microsoft (42%) and Amazon (38%). Additionally, the Avanan research finds phishing attacks fall into a few different categories – credential harvesting (41% of attacks), extortion (8% of attacks), malware (51% of attacks), and spear phishing (0.4%).
Stage 2 – Burglar prowling
Once a link is clicked and the malicious code downloaded, the burglar begins to prowl. Your computer is compromised. Ransomware starts infiltrating your computer in a matter of seconds. In 2017 the WannaCry ransomware spread like wildfire and in a matter of hours encrypted hundreds of thousands of computers in over 150 countries. Ransomware looks for files on your computer, network, and in the cloud to encrypt.
Stage 3 – Locked out
Encryption of files on your local computer can happen in a matter of minutes. Within a few hours, encryption will impact files on your network or in the cloud. Once the malicious software takes hold, it will lock you out of your most important folders, files and data; giving you no access until you pay. Files in Saas based applications like Dropbox and Office 365 are the most likely to be impacted. Kaspersky found 65% of businesses hit by ransomware in 2017 lost access to a significant amount or even all their data. Additionally, they discovered 34% of businesses hit with malware took a week or more to regain access to their data. Coveware’s Ransomware Marketplace Report estimates the average number of days a ransomware incident lasts, to be over a week at 7.3 days, up from 6.2 days in 2018.
Stage 4 – Ransom request
Your files are encrypted and the cybercriminals are demanding you pay a ransom to regain access. Do you pay? Research indicates that 97% percent of United States’ organizations refused to pay the ransom. However, 75% of Canadian, 22% of German, and 58% of UK, companies paid the ransom. Datto reports the average ransom for a SMB is between $500 to $2,000. So while the ransom itself isn’t significant, the downtime from an attack can cripple a small business. Additional research from Datto found the average attack is 10 times more costly to the business than the ransom itself. Attacks cost a business $46,800 on average and the ransom requested averages $4,300 per attack.
Protecting your business from a ransomware attack
There is no single solution that will protect you and your business from a ransomware attack. Antivirus software, email/spam filters, and regular software updates are a few things you can start with. Focus more time and resources on:
Cybersecurity training – People are one of the weakest links when it comes to cybersecurity, as a result make sure you EDUCATE!!
Backup and disaster recovery plan – Regularly backup all of your important data at both the organizational and individual level. For instance, implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.