Ransomware: Pay Up Or Take The Risk?
You’re sitting in your office, as your employees start to leave for the day. You decide to hang back and get some work done and look at your computer only to notice a red screen with the heading “Your Files Have Been Encrypted.” At the bottom you notice a description in which it says, “Send 50 Bitcoin Or Your Data Will Be Lost.” You try to exit out, but the screen is frozen on that page, and this is when you realize this is not a prank. This is a ransomware attack.
What is Ransomware?
Ransomware is a form of malware. The hacker will demand a ransom from the target in order to restore any breached data in which the user is typically given direction as to how to pay the ransom. Ransomware can violate your computer systems in different ways. Knowing how to protect your business is crucial. Traditional cyber security methods can be effective in preventing most ransomware attacks, but with more sophisticated methods being used to hijack computer systems, the key is staying ahead of the hackers and anticipating any method they might use to breach critical data.
Significant Ransomware Cases
In November 2014, Sony Pictures faced a sophisticated cyber attack launched by a North Korean hacker as a result of a movie they were producing called “The Interview” which depicted the assassination of North Korean leader Kim Jong-un. Company systems and emails were compromised and Sony was forced to remove the assassination scene from the movie.
In February 2016, Hollywood Presbyterian Medical Center had to suspend their IT systems after noticing suspicious activity on their computers, locking down their medical records. After working with law enforcement for four days, they were forced to pay $17,000 in ransom.
In May of 2017, United Kingdom National Health Service hospitals were targeted by the WannaCry ransomware attack that took over computers running Microsoft Windows. The attacker encrypted data and demanded payment in the form of currency.
In October 2017, the Odessa Airport along with the Kiev Metro System in the Ukraine were targeted by the Bad Rabbit ransomware. The attack lasted for only a day, but shut down flights and delayed train service.
In another case in May 2019, an employee from the Riviera Beach Florida Police Department opened a suspicious email which infected the local government’s computer systems.
Financial institutions are also at high risk for ransomware attacks. In 2019, Travelex, a foreign currency exchange company was targeted by an attack known as REvil. The business was forced to pay $2.3 million in ransom to recover their lost data.
In July 2020, Garmin, a big player in the industry for GPS smartwatches, was hit with a destructive ransomware attack with a malware known as WastedLocker. Customers were unable to access their devices and, according to news sources, the company resorted to paying $10 million in ransom.
In September 2020, one of the largest healthcare providers in the US, Universal Health Services, was hit by a ransomware attack that disrupted all their systems. Computers and phone systems were compromised causing a panic. UHS later confirmed that 250 care sites and hospitals were affected by the cyberattack.
For details on each of these cases see the attached links:
The Cost of Ransomware Attacks
IT security experts estimate that a ransomware attack occurs every 11 seconds. The previous estimates forecast attacks occur every 14 seconds. In 2017, the FBI Internet Crime Complaint Center received 1,783 ransomware incidents in which users lost over $2.3 million.
Most ransomware attacks take place on a large scale, targeting large companies and organizations, individual cities and states. Many larger companies are not typically targeted as they typically have IT security protections in place and the ability to detect and thwart these attacks. Therefore, local businesses and governments are more common targets. Large companies such as FedEx and Nissan have previously experienced acts of cyber attacks, but nothing as serious as ransomware. The average loss for each business, per cyber attack, is about $2,500, and some companies are willing to pay millions in ransom to protect any data.
The trend shows that smaller companies are more susceptible to such attacks, along with city governments. The countries with the most ransomware occurrences were U.S at the top of the list, followed by South Africa, Portugal, Mexico, then Japan. Although there have been a number of attacks, NortonLifeLock found that cyber attacks have shown a 20% decline since 2018, but it is not certain if this trend will continue.
Creating a Culture of Security
All businesses can take steps to stay safe and help spread awareness to thwart ransomware and other security breaches. American Express has implemented specific security protocols where they require two-factor authentication and forbid employees from connecting foreign hardware to their network systems. WestStar Bank educates their employees on security risks and manages the use of privileged accounts. The bank employs data backup and has a recovery plan for any information. Creating a culture of security in a business is critical because it makes employees more vigilant.
How to Avoid Being a Target
IT administrators can take preventative measures to avoid being a target of ransomware attacks. Some basic steps to take:
- Reduce the information in your system and keep only what you need.
- Minimize the places you store your data.
- Conduct employee background checks
- Never give vendors or temporary workers access to data.
- Properly destroy old files to prevent information from being leaked.
The most common and sensible steps companies are taking are implementing better technology, smarter staff, raising employee awareness and improving response plans. Make sure your company has cyber liability coverage. It is important that you learn and understand security loopholes which hackers use to breach data. Training employees about the risks of cyber attacks and identifying suspicious activity will help protect your company.
Finally, laying out a procedure to follow if your business is targeted can help resume operations quickly if you come under a ransomware attack. Quickly notifying authorities when a ransomware attack occurs can increase the chances that the source of the attack can be identified. The U.S. Department of Homeland Security and F.B.I. have worked with businesses when major ransomware attacks have occurred, but even some of the top security experts have been unable to track down the source of many of these ransomware breaches.
Future of Cybercrime
Even an inexperienced cyber criminal sees the use of ransomware technology as an easy way to remain anonymous while extorting larges amounts of money from vulnerable companies and organizations. As long as these criminals see businesses and organizations easy targets, we can expect an increase in this activity.
Ransomware costs on a global scale are projected to reach an unprecedented $6 trillion by the end of 2021. Local governments are expected to be one of the most likely future targets, mainly because they don’t always have the adequate technology and money to properly combat cyber attacks. Large and small corporations will also be susceptible to such attacks in the future because attacks can be launched from something as simple as a phishing email sent to an employee. Opening one email attachment could breach the whole system and any data that comes with it.
As computer hackers become more sophisticated in their methods, they will continue to look at ways to directly or indirectly extort money from individuals and organizations. The trend of ransomware attacks will continue as long as this type of cyber crime continues to be a lucrative enterprise for hackers. Businesses and organizations of all sizes can decrease their vulnerability to these types of attacks by anticipating how these kinds of breaches occur and then protecting against this ever-evolving threat.