Your Money or Your Data! A Guide to Ransomware

20/06/2022 10:50 By Bill

What is Ransomware?

Ransomware is a kind of malicious code that renders a device, server or file unusable until a payment is made to a cybercriminal. Attacks have more than doubled since 2020, and a recent study found that incidents reported to the ICO grew from 326 to 654 between 2020 and 2021. Actual figures will be much higher, as not all incidents are reported (although of course they should be!). The heavily impacted sectors, according to the report, are finance, education and insurance, but all sorts of businesses have been affected.

Over the years ransomware has evolved and become increasingly sophisticated. While some malicious software of this kind just encrypts certain files, others have the power to completely destroy entire file systems.

How it Works

As soon as the malware has been installed – usually as the result of a user clicking on a link – the hacker takes control of the system and freezes the user out until they pay up. They often ask for payment in Bitcoin, due to its anonymity, but cyber criminals will sometimes ask for bank details or other types of payment such as Amazon gift vouchers too. Even once the ransom has been paid, there’s no guarantee users will regain full access to their files afterwards. In fact, while over half of victims pay up, only 8% get all their data back.

The Cost of Ransomware Attacks

According to Yubico, the average cost of a ransomware attack was $1.85 million (£1.4m) in 2021. Along with the initial monetary demands, other costs include business downtime, lost sales, operating costs and legal fees. In the case of attacks where more sensitive information is compromised, costs can be as much as $4.44 million (£3.5m).
There are severe reputational costs to consider too. New strains of ransomware can affect entire supply chains, which puts partner organisations and their customers at risk. Under GDPR regulations all breaches must be reported to the ICO, which means they are also made public. Insurance companies are less likely to touch organisations that have been hit hard by ransomware attacks, and if they do, you can expect your premiums to rocket.

Once an organisation has been targeted – and agreed to pay the ransom – they then become an easy target for future ransomware attacks.

Although most cybercriminals are motivated by money and other financial rewards, others act out of spite or for political reasons. They often use a range of different methods to extort money or information, and in some cases if ransoms aren’t paid they’ll even go as far as contacting customers direct and demanding money from them. 

How to Prevent a Ransomware Attack 

A while ago, all you needed to protect against a ransomware attack was a secure backup system and fast data restore process. Things have changed in recent years. At their worst, modern attacks can bring entire organisations to their knees, so traditional methods are no longer enough and you need a more comprehensive, multi-layered line of defence in place.

But as with most other cyber-attacks, the best way to avoid a costly ransomware attack is by creating a culture of awareness and making sure your staff have the right training. Malicious software can only be installed if a human allows it, so it’s essential that everyone knows what to look out for.

Here are some steps you can take to minimise the risks:
    • Make sure everyone in your organisation is trained and knows to never click on unverified links
    • Have all your emails scanned for malware
    • Install firewalls and Endpoint Protection 
    • Only ever download from trusted sites that your IT team have approved
    • Keep regular backups of all your files
    • Avoid using public Wi-Fi 
    • Never allow unverified, unfamiliar USBs in any of your devices
    • Install robust security software 
    • Never share sensitive data with anyone you’re not 100% certain of 
As specialists in cyber security, our team at Actisoft can talk you through all the risks and provide you with all the tools you need to avoid a ransomware attack. From firewalls and Endpoint Protection to Cyber Essentials accreditation and much more, we’re here to help. 
