Ransomware: understanding the risks and recognizing the threats

If you have turned on the news recently, then “ransomware” may be top of mind when considering the impact it could have on your organization’s ability to deliver its services.

The term certainly has been in the headlines lately. Colonial Pipeline has been the highest-profile ransomware attack so far in 2021, but there have been several others that made national news, including JBS Foods and Quanta.

With more of our clients continuing to ask about ransomware attacks and what they can do to limit their risk and exposure to potential attackers, Baker Tilly recently hosted a comprehensive webinar, Managing your risk against a ransomware attack.

Risk advisory team member, Brian Nichols, discussed key components of ransomware attacks, as well as recent ransomware trends and some leading prevention techniques.

Let’s highlight some of the key topics discussed.

Anatomy of ransomware attacks

Ransomware is malicious software that infects a computer system, propagates to network-connected devices and encrypts critical data, rendering it unusable until a ransom is paid to decrypt the files.

Typically, the data is held hostage – locked, in essence – until the victim pays the attackers a ransom to provide the decryption key. Additionally, the attackers may exfiltrate the data before encrypting it and threaten that if the ransom is not paid, the data will be released on the dark web.

In either case, it’s not a fun situation for any organization to find itself in.

There are a variety of delivery channels for ransomware, but email remains the primary method. Nearly 80% of ransomware attacks originate through phishing emails.

Increasing the concern is the release of ransomware as a service (RaaS) capabilities that allow attackers with minimal sophistication to successfully execute a ransomware attack. This has contributed to the rise in attacks over the last year or so. 

Ransomware trends and threats

As far as ransomware is concerned, the recent trends feature some eye-catching figures.

• For starters, ransomware attacks have increased 57% in the last year. Malicious phishing emails in particular are up over 600% due to COVID-19, as attackers continue to prey on people’s fears surrounding the virus.[1]
• Additionally, ransom demands have increased, with the average demand now exceeding $1 million. These demands are paid in bitcoin, or another type of cryptocurrency.[2]
• It makes sense, too, that the most targeted industries are healthcare, energy, manufacturing and retail.[3] These industries have become particularly critical during the pandemic, and ransomware attackers are taking advantage of this, knowing that front-line industries cannot afford to lose data or downtime due to an attack.
• Victims of a ransomware attack face an average downtime of 21 days and pay an average of $1.85 million between ransom payments and recovery fees, not to mention lost revenue and incalculable PR damages.[4]
• Small and medium-sized organizations are not immune either, as 20% of ransomware attacks target businesses of their size.[5]
• And finally, it is not as if organizations pay ransoms and then move on with their lives. Four out of every five businesses that pay a ransom face another attack soon thereafter.[6]

Leading ransomware prevention practices

It is critical for organizations to implement proactive controls to prevent ransomware attacks and minimize their chances of being the next victim on the news. Leading prevention practices include:

• Know your IT environment. Organizations should have a complete inventory of all network-connected systems and devices and identify which systems are most critical to the services that their business delivers.
• Plan for service disruptions. Organizations should develop business continuity and disaster recovery plans and should test those plans regularly to help mitigate the fallout if an incident occurs.
• Back up your systems and data. In addition to continuity plans, organizations should ensure that backups of their critical systems and data are being captured regularly, that the backups are immutable so that they cannot be tampered with by intruders, and that at least one version of backups is maintained offline and not internet-facing in the event that they need to restore them in response to an incident.
• Train your end users. As discussed above, ransomware is typically released into an organization through a malicious phishing email, and it is critical to train users to identify suspicious emails and other user-related security threats and the actions they can take to help keep the organization secure.
• Patch your systems. Many organizations have manual or less than ideal patching processes for their servers and end user computers. By implementing automated and consistent patching processes, organizations can vastly decrease the likelihood of falling victim to a cyber attack via intruders exploiting a known system vulnerability.
• Obtain cyber insurance. Even with the best preventative measures, accidents do happen that could lead to a ransomware attack or other cyber incident. Having cyber insurance helps organizations minimize the financial impact of those incidents.

For more information on these prevention techniques and how to implement a proactive ransomware prevention program, contact our team.