Ransomware: what you’ll encounter and how to prepare
Ransomware is malicious software that encrypts a victim's data, holds it hostage, and extorts a payment from the owner in exchange for the decryption key. Nobody is ever keen to talk about their ransomware attacks. It's easy to feel embarrassed about falling prey to them, and it can feel even worse if you pay to get your data back and the criminals 'win'.
78% of UK businesses were hit by ransomware attacks in 2021, and in 2022 the number of attacks increased by 77%. It's not a comfort to know that ransomware is on the rise, but you can at least be reassured that if it happens to you, you shouldn't feel ashamed.
Ransomware is a popular cyber attack because it often works, it’s frequently lucrative, and it’s easier than ever. Here’s more about the threat you’re facing and what you can do to protect your organisation.
The ransomware ‘business model’
The principle of ransomware is simple — get hold of the target’s data, encrypt it, and demand a ransom to get it back. It’s a very sound venture for a cyber criminal — 82% of victims pay the ransom, and the average payment is worth £1.7m.
Many organisations feel that they have no choice but to pay. They can’t operate without their data, so refusing could be more expensive. The trouble is, agreeing to the criminals’ demands advertises that you’re willing to pay, which is why 80% of those who pay get attacked again soon afterwards.
Facing a ransomware attack, you’re very much between a rock and a hard place.
How a ransomware attack happens
First, the criminals need a way into your systems. 54% of ransomware incidents begin with a phishing message: an email or message designed to look legitimate, but carrying a link or attachment that the target clicks, unwittingly installing something hostile. Phishing is by far the most popular method of entry, because it's often easier to engineer and exploit human error than it is to defeat technical security controls.
Once the criminals have a foothold, they typically spend time widening their access and locating the data that matters, then encrypt the files they choose. Only then do they contact the victim to offer a decryption key in exchange for payment.
These days many businesses back up their data daily (as they should), so if their files are encrypted they can recover most or all of it. Because of this, attackers commonly look for the backups first and delete them before encrypting the data, so that the target is still motivated to pay. A backup that sits on the same network and can be reached with the same credentials the attacker has already stolen is exactly what they will find.
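The backup-deletion step described above leaves a trace in process-creation telemetry, and it is one of the few moments a defender can still act before encryption starts. The following is an added example, not code from the original article or from any vendor named here: a small Python detector run over constructed sample log lines (the log format, host names, user names and timestamps are invented for the example) that flags the well-known recovery-inhibition commands and raises its confidence when several of them fire on one host within a few minutes.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample of process-creation events (invented for this example):
# "<timestamp> <host> <user> <command line>"
SAMPLE_LOG = """\
2024-03-01T09:12:03Z FS01 alice  "C:\\Windows\\System32\\notepad.exe" C:\\Users\\alice\\notes.txt
2024-03-01T09:12:41Z FS01 SYSTEM vssadmin.exe Delete Shadows /All /Quiet
2024-03-01T09:12:42Z FS01 SYSTEM wmic.exe shadowcopy delete
2024-03-01T09:12:45Z FS01 SYSTEM bcdedit.exe /set {default} recoveryenabled No
2024-03-01T09:13:10Z FS01 SYSTEM wbadmin.exe delete catalog -quiet
2024-03-01T09:14:00Z WS07 bob    vssadmin.exe list shadows
"""

# Command lines that destroy shadow copies, backup catalogues or boot recovery.
# Matching is case-insensitive and tolerant of extra whitespace.
TAMPER_PATTERNS = {
    "shadow copies deleted (vssadmin)":
        re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows", re.I),
    "shadow copies deleted (wmic)":
        re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "backup catalogue deleted (wbadmin)":
        re.compile(r"\bwbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)", re.I),
    "boot recovery disabled (bcdedit)":
        re.compile(r"\bbcdedit(\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no", re.I),
}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<user>\S+)\s+(?P<cmd>.+)$")


@dataclass
class Alert:
    timestamp: datetime
    host: str
    user: str
    reason: str
    command: str


def find_backup_tampering(log_text: str) -> list[Alert]:
    """Return one Alert per log line whose command line matches a pattern."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line; a real pipeline would count these
        for reason, pattern in TAMPER_PATTERNS.items():
            if pattern.search(m["cmd"]):
                ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
                alerts.append(Alert(ts, m["host"], m["user"], reason, m["cmd"]))
                break
    return alerts


def hosts_with_burst(alerts: list[Alert], window: timedelta = timedelta(minutes=5),
                     min_hits: int = 2) -> set[str]:
    """Hosts on which at least min_hits tampering commands ran inside one window.
    A single such command may be an administrator; several in quick succession
    is the typical pre-encryption sequence."""
    by_host: dict[str, list[datetime]] = {}
    for a in alerts:
        by_host.setdefault(a.host, []).append(a.timestamp)
    flagged = set()
    for host, times in by_host.items():
        times.sort()
        for i, start in enumerate(times):
            hits = sum(1 for t in times[i:] if t - start <= window)
            if hits >= min_hits:
                flagged.add(host)
                break
    return flagged


if __name__ == "__main__":
    found = find_backup_tampering(SAMPLE_LOG)
    for a in found:
        print(f"{a.timestamp.isoformat()} {a.host} {a.user}: {a.reason}: {a.command}")
    print("high-confidence hosts:", hosts_with_burst(found))
```

A lone `vssadmin list shadows` from a workstation user is noise and is ignored; four recovery-inhibition commands in under a minute on a file server, as in the constructed sample, is the pattern worth paging on rather than ticketing.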
One relatively new development is known as Ransomware as a Service (RaaS). Some criminal groups develop ransomware programs but, instead of using them to attack organisations themselves, sell or lease the software to other criminals, often in return for a share of each ransom.
That offering has made ransomware more accessible than ever: criminals without much technical expertise or coding experience can now carry out ransomware attacks. 60% of ransomware attackers now use RaaS.
How to prevent ransomware attacks
More likely than not, someone is going to attempt a ransomware attack on your business. Here’s how to reduce their chances of succeeding.
Find your vulnerabilities
You might not know where you’re weak, but attackers will.
Each organisation has its points of vulnerability. Common examples are:
- Weak or reused passwords (p@ssword, 12345, Liverpool2020)
- No multi-factor authentication (MFA)
- Software and systems that haven't been patched
- Remote workers logging in over unsecured Wi-Fi
Identify your weaknesses, then you can strengthen them.
Educate staff on phishing
Just as there’s no shame in having had a ransomware attack, neither is there in falling victim to phishing.
Phishing is getting more and more sophisticated, and it’s social engineering that gives it its power. Busy people can be easily caught out by emails that appear to be from their boss or a client, and end up clicking the wrong thing.
The best thing you can do as an organisation is to educate your staff and encourage careful and critical thought about the messages they receive.
Back up your data
You’re only as good as your last backup.
If you're not backing up your data, you're leaving yourself extremely vulnerable to ransomware. Back up at least daily to minimise the cost and disruption if someone does manage to encrypt your files, keep at least one copy offline or otherwise out of reach of the credentials used on your live network, and test that you can actually restore from it.
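The 'last backup' above is only worth something if it is recent and if the copy you would restore from still matches what was backed up. The following is an added example, not code from the original article or from any vendor: a Python check that records a SHA-256 manifest when a backup is taken and later verifies the backup copy against that manifest and a 24-hour freshness limit. The directory layout, file contents and timestamps are constructed for the example, and the demo() function also simulates an attacker who overwrites one backup file and deletes another so the check has something to catch.

```python
import hashlib
import shutil
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

MAX_BACKUP_AGE = timedelta(hours=24)  # "at least daily"


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(64 * 1024), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path, taken_at: datetime) -> dict:
    """Hash every file under root at backup time. Store the manifest somewhere
    the backup job's own credentials cannot overwrite, so a compromised backup
    account cannot rewrite the evidence along with the copies."""
    files = {p.relative_to(root).as_posix(): sha256_file(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    return {"taken_at": taken_at.isoformat(), "files": files}


def verify_backup(backup_root: Path, manifest: dict, now: datetime) -> list[str]:
    """Return the problems found; an empty list means the backup is usable.
    Checks freshness first, then that every file exists and still hashes to
    what the manifest recorded (an encrypted or truncated file will not)."""
    problems = []
    age = now - datetime.fromisoformat(manifest["taken_at"])
    if age > MAX_BACKUP_AGE:
        problems.append(f"stale: last backup is {age} old")
    for rel, expected in manifest["files"].items():
        copy = backup_root / rel
        if not copy.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(copy) != expected:
            problems.append(f"modified: {rel}")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Constructed scenario: back up two files, verify the fresh copy, then
    simulate an attacker encrypting one backup file and deleting the other."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "data"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("2024-03-01,invoice,1200\n")
        (src / "readme.txt").write_text("quarterly figures\n")

        taken = datetime(2024, 3, 1, 2, 0, tzinfo=timezone.utc)
        manifest = build_manifest(src, taken)
        backup = Path(tmp) / "backup"
        shutil.copytree(src, backup)

        # Six hours later, untouched: should report nothing.
        fresh = verify_backup(backup, manifest, taken + timedelta(hours=6))

        # Attacker reaches the backup share: encrypts one file, deletes another.
        (backup / "finance" / "ledger.csv").write_bytes(b"\x00\x7fENCRYPTED\x00")
        (backup / "readme.txt").unlink()
        # Thirty hours on, and no new backup has run either.
        tampered = verify_backup(backup, manifest, taken + timedelta(hours=30))
        return fresh, tampered


if __name__ == "__main__":
    ok, bad = demo()
    print("fresh backup:", ok or "OK")
    print("after tampering:", *bad, sep="\n  ")
```

Run the verification from a host and credential that the production network cannot reach; if the only thing checking the backups is the same server that takes them, an attacker who gets that far can silence the check at the same time as deleting the copies.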
Managed Detection and Response
Of course, as described earlier, criminals may try to delete your backups and leave you helpless. Managed Detection and Response (MDR) makes that much harder. Security providers like Sophos monitor for threats as they try to infiltrate your systems, and can stop an attack before it takes hold.
Having that robust level of security can also help reduce your cybersecurity insurance premiums, or help you qualify for better coverage, should anything go wrong.
Assess the state of your security
The very first thing to do is understand how secure your organisation is, and where there may be weaknesses.
Get your FREE SECURITY REVIEW and find out what you need to do to stay safe.