According to the UNODC, a ransomware attack happens every 11 seconds, which led to financial damage of around $20 billion in 2021. This should already be alarming enough for everyone to pay attention to the problem of ransomware. However, many still downplay the problem.
The Colonial Pipeline cyberattack that resulted in a major disruption is one proof of how organizations have been ignoring the threat of ransomware. "There has to be a different way of approaching this if we are going to stop this plague," says Philip Reiner, CEO of the Institute for Security and Technology, who recently presented a long list of suggestions the US government can use to address the ransomware problem.
Well, even before undertaking such actions, it is crucial to acknowledge and understand how severe the ransomware threat is. Many tend to think that having data backup easily solves the problem, but things are more complicated than that (more on this below).
From phishing to zero-day exploits, no threat is too small
It is important to put up all the necessary cyber defenses from the get-go. All software should be regularly updated or patched. Everyone in the organization should have proper cybersecurity orientation. There have to be strict policies or protocols on IT resource access and privileges in an organization. A solid email security solution should be in place.
Email protection is particularly important since phishing has become the leading attack vector for ransomware. Many unwittingly install ransomware on their systems after opening attachments they find in their emails. The Locky attack in 2016 was found to have infected around 50,000 in a day through email attachments.
No attack is too small when it comes to ransomware. The perpetrators of a ransomware attack on the Melrose Police Station in Massachusetts in March 2016, for example, sought a 1 BTC ransom. The police station agreed to pay the ransom, which had a rather low equivalent amount in fiat money at that time (~$450).
Cybersecurity experts believe that paying the ransom is bad practice, as it emboldens the cybercriminals. "Keep in mind that the only reason these thieves keep making these attacks is because people are paying them," security researcher Troy Gill explains. A small ransom amount should not make organizations cavalier in their response to the threat. The attack itself should be enough reason to implement better security measures to prevent another attack from getting through in the future.
Some cybercriminals settle for paltry ransoms, but their high volume of attacks allows them to make a lot by getting "a little" from numerous victims. When organizations become comfortable with the idea that paying is a "convenient" and "not so expensive" solution, they no longer put more effort and investment into fortifying their security. They no longer undertake security validation.
That's why it is important to treat every attack, no matter how small or big it is, as a serious breach of security that should be addressed by immediately improving the organization's security posture. If a "small-time" ransomware attacker manages to get through an organization's defenses, imagine what a more sophisticated or state-backed malicious actor can do.
Cost of ransomware
A study by one renowned security firm estimates that the cost of ransomware will reach $265 billion by 2031. That's bigger than the GDP of Portugal, New Zealand, Greece, and several other countries. On average, the ransom paid by victimized organizations in 2021 sits at around $170,000. The highest ransom paid is reportedly that of the US travel services company CWT Global, which paid $4.5 million when it was struck by a ransomware attack in July 2020. Colonial Pipeline, which suffered an attack early this year, paid a similar amount at $4.4 million.
The ransom, however, is not the only cost involved in dealing with ransomware. The disruption in operations can also mean millions of dollars in lost business. It usually takes around 16 days for organizations to fully recover from a ransomware attack. Add to this the costs of mitigation and remediation, which can run into the hundreds of dollars. For some companies, settlement and legal defense costs will also be incurred in dealing with customers who are affected by the attack. Then there's the critical cost of reputational damage and reputation rebuilding.
Even when companies pay the ransom demanded by the perpetrators, it also needs to be pointed out that this does not instantly mean the resolution of the problem. Going back to the Colonial Pipeline ransomware incident, there were reports that the company had to turn to its own resources to help restore its data, as the attacker's decryption software was excruciatingly slow.
That's an epic triple whammy of losses! Aside from losing money to pay the ransom, the company still had to suffer serious business interruption because it was taking time to restore the system. Plus, the company also had to use its own resources and spend more on mitigation and remediation to expedite the recovery process.
Data backups are a feeble solution
Some may argue that data backups are the best protection against ransomware attacks. If malware manages to encrypt a company's data, there's always that option to just get rid of what has been corrupted and draw data from the backup. This is a very simplistic mindset, though, that can lead to problems.
"Now, without question, backup is always recommended for preserving data in the case of disasters, data corruption, or accidental deletions. But backup wasn't designed to protect against cybercrime," says Forbes Technology Council member Yuen Pin Yeap.
Ransomware can find and attack data anywhere. Yeap says that most attacks target backup systems to make sure that the victims will not have a way to restore what has been encrypted. Even data stored in the cloud is not safe.
In other words, ransomware should be prevented before it can inflict any damage. Prevention is always better than cure. Also, instead of simply having backups, it is possible to come up with ways to protect the data itself from being targeted. One way to do this is to have an image of the data within an undetectable overlay, making it some form of armor for the original data. If an attack breaks through, only the overlay image will be encrypted and the original remains safe from alteration.
Evolving complex problems require formidable solutions
Ransomware is not a simple infection that can be cured by paying a ransom. Simply having backups is also not the best way to address it, as it does not guarantee immediate recovery. Organizations need to ascertain that they have the right defenses to prevent any ransomware from infecting their networks even if they maintain data backups. It is important to take this problem seriously and avoid suffering from the variety of losses or damage that come with the infection.