The surge in remote work since 2020 has been accompanied by a dramatic increase in cyberattacks. Harvard Business Review reports a 150% spike in ransomware attacks in 2021 from the previous year, with victims paying over 300% more in ransom compared to earlier figures. Shockingly, ransomware strikes are now occurring at a rate of one every 14 seconds and are predicted to escalate to one every two seconds by the end of 2031.
Corvus’s Q2 2023 Global Ransomware Report highlighted a resurgence in global ransomware attacks, surpassing the victim count of both 2021 and 2022. This year may witness over 4,000 ransomware victims, signaling an alarming trend.
As reports of ransomware attacks have made headlines, the profitable nature of these attacks has attracted a wave of new players, introducing systems like Avaddon, Darkside, Smaug, and SunCrypt to the ever-evolving ransomware landscape.
However, this surge isn’t solely propelled by newcomers. Established criminal groups are diversifying their illicit activities by integrating ransomware into their repertoire. Banking trojans such as Emotet, Dridex, and TrickBot have now found new utility as the launchpads for precisely targeted ransomware strikes. QakBot, for example, pivoted its operations in March 2020, becoming a conduit for delivering ProLock and DoppelPaymer ransomware.
The pivot of these well-known criminal entities toward ransomware appears to be a strategic move driven by opportunity costs. Unlike successful online banking attacks that demand complex money laundering infrastructures to funnel stolen funds into criminal-controlled accounts, ransom payments often bypass intermediaries, going directly into cryptocurrency wallets controlled by the attackers. Consequently, ransomware operations prove to be far more lucrative than their online banking attack counterparts.
How to Protect Your Business from Ransomware Attacks
Ransomware is a pressing threat in today’s digital landscape, demanding proactive strategies to safeguard against potential attacks. Whether you’re an individual user or a business entity, fortifying your defenses is imperative.
Here are some indispensable practices to shield your systems and data:
- Regular Software Updates
Keeping your software up to date is more than just ensuring optimal performance; it’s a critical aspect of fortifying your security. Updates often include vital security patches and enhancements. Set a schedule to check for updates across all your applications, including security programs, and promptly install them.
- Layered Security Measures
A robust defense strategy involves employing multiple security tools. Consider a combination of firewall protection, antivirus software, anti-malware programs, spam filters, and cloud data loss prevention. Layering these tools provides backup protection in case one layer fails.
- Employee Awareness Training
Combat the “insider threat” by educating your workforce on cybersecurity best practices. Human error is a common entry point for attacks. By raising awareness and training employees on potential risks, you can significantly reduce vulnerabilities within your organization.
- Configure Access Controls
Implement the Principle of Least Privilege (PoLP) to manage access rights. Only grant necessary access to files, programs, and accounts. Review and revoke access when it’s no longer needed. This approach minimizes insider threats and limits hackers’ ability to penetrate your system.
- Implement Multifactor Authentication (MFA) and Strong Password Requirements
MFA adds an extra layer of security beyond passwords, significantly reducing the risk of unauthorized access. Encourage employees to use strong passwords following guidelines set by security standards. Implementing password managers can aid in maintaining secure access.
- Regular Backups
Backing up your data regularly is an effective way to mitigate the impact of a ransomware attack. Store backups offline, inaccessible to unauthorized users, to ensure that if a breach occurs, your data remains secure.
- Strong Spam Filters
Protect against phishing attacks, a common entry point for ransomware, by implementing robust spam filters. These filters reduce the likelihood of employees falling prey to malicious emails containing malware.
- Application Whitelisting
Utilize application whitelisting to allow only trusted files and applications to run. This proactive measure prevents unauthorized software, potentially carrying ransomware or malware, from executing.
- Verify Email Senders
Vigilance is key in identifying phishing attempts. Train your team to scrutinize email sender addresses carefully to avoid falling victim to sophisticated phishing attacks.
- Stay Informed with Threat Reports
Regularly subscribe to threat reports from reputable sources. Resources like the Anti-Phishing Working Group and CISA product notifications provide valuable insights into emerging cyber threats.
Key Takeaway
Ransomware threats are pervasive across industries and are escalating due to new entrants and the evolution of existing schemes. Ransomware operations, facilitated by Ransomware-a-a-Service (RaaS), pose equal risks to SMEs and large organizations. Prioritizing cybersecurity measures, employee training, and proactive strategies is essential in safeguarding businesses from these evolving threats.