Ransomware, the IT equivalent of kidnapping, is a huge and growing problem. And ransomware attacks, in which bad actors encrypt organizations’ data to bring IT infrastructure and the associated operations to a standstill, are only becoming more widespread.
Ransomware attacks more than doubled this year. The first quarter of 2019 alone saw a 118% increase in ransomware attacks, and this has created an urgency for organizations to be better prepared to respond to this increasing threat. Dark Reading says ransomware attacks are becoming more targeted, sophisticated, dangerous and disruptive. Europol just published a study saying that ransomware “overwhelmingly retains its position as the top cyber threat faced by European cybercrime investigators.”
No Organization, No Matter What Size Or Type, Is Immune
Ransomware is affecting entities of every size and in every vertical. An estimated 140 local governments, hospitals and police stations were held hostage by ransomware attacks in the first 10 months of 2019.
Baltimore was paralyzed by attackers who demanded $80,000 in ransom to free the city’s computer systems and files from their grip. The city did not pay the ransom, but it suffered an estimated $18 million in losses.
A network of Alabama hospitals this year had to stop accepting new patients due to a ransomware attack. Berry Family Services of Texas was hit with a ransomware attack that barred providers from accessing computer systems and encrypted the data of 1,751 patients. Ransomware also affected police laptops at three Georgia agencies this year.
And Ransomware Can Spread Very Quickly
Maersk may provide the best example of how fast ransomware can spread. The shipping company was the victim of NotPetya in 2017. The ransomware infected nearly 50,000 endpoints and thousands of applications and servers across 600 locations in 130 countries.
An incident involving Norsk Hydro illustrates how ransomware can bring operations to a standstill and ring up significant financial losses. The aluminum company estimated its loss from a ransomware attack this year at $40 million.
Bitcoin Payments, Other Costs And Regulatory Considerations Only Add To The Complexity
The fact that attackers typically demand ransoms in bitcoin only adds to ransomware’s complexity. Such transactions are difficult, perhaps even impossible, to trace.
Paying ransoms may put organizations at greater risk of being attacked again. Attackers may attempt additional extortion schemes once they know of an organization’s willingness to pay.
Organizations hit by ransomware attacks also need to consider the legal ramifications of paying ransoms. The U.S. government bans financial transactions – including ransom payments – with governments, individuals and organizations on the U.S. sanctions lists.
Even when organizations refuse to pay ransoms, ransomware attacks can be costly. The inability to access data or use computers can lead to significant losses due to downtime, and some organizations make big investments in post-attack IT recovery and rebuilding efforts.
Organizations Need To Get Better — And Quicker — At Responding
One of the things that makes ransomware especially problematic is its ability to spread very quickly. A person on one computer may click on an email or web link and get infected. Because that computer is connected with other computers in an organization, the problem proliferates.
With ransomware, you typically have an hour before it spreads to your entire company. Yet most organizations are slow to respond.
The Ponemon Institute says the mean time to detect a breach is 197 days. The research firm says responding to a breach typically takes another 69 days. Thus, an innovative solution is needed to both limit the damage and provide a fast response.
Dynamic Isolation And Microsegmentation Provide Visibility, Faster Containment
One important step in limiting the impact of ransomware attacks is to get visibility into your digital assets and the flows between them. After all, you can’t protect what you don’t know.
Monitoring networks and devices to look for anomalous behaviors is key. Network scanning is an important thing to watch for. It can signal that a bad actor is inside the network and assessing what’s around them.
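As an added illustration of watching for network scanning (example code, not from the original article or any product), the sketch below flags a source that contacts an unusually large number of distinct destination/port pairs inside a sliding window. The flow-record format, the 60-second window, the threshold of 20 and all addresses are assumptions chosen for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed look-back window
THRESHOLD = 20                  # assumed max distinct (dst, port) targets per window


def parse_flow(line):
    """Parse one 'ISO-timestamp src dst dst_port' record (assumed format)."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)


def find_scanners(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak distinct targets} for sources that exceed the threshold."""
    recent = defaultdict(deque)                     # src -> (ts, target) events in window
    counts = defaultdict(lambda: defaultdict(int))  # src -> target -> hits in window
    flagged = {}
    for ts, src, dst, port in sorted(parse_flow(l) for l in lines if l.strip()):
        events, targets = recent[src], counts[src]
        events.append((ts, (dst, port)))
        targets[(dst, port)] += 1
        # Expire events that have fallen out of the sliding window.
        while events and ts - events[0][0] > window:
            _, old = events.popleft()
            targets[old] -= 1
            if targets[old] == 0:
                del targets[old]
        if len(targets) > threshold:
            flagged[src] = max(flagged.get(src, 0), len(targets))
    return flagged


def sample_flows():
    """Constructed sample data: one ordinary workstation and one scanning host."""
    base = datetime(2019, 11, 4, 9, 0, 0)
    # Ordinary host: repeated HTTPS traffic to the same two servers over ten minutes.
    normal = [f"{(base + timedelta(seconds=20 * i)).isoformat()} "
              f"10.0.1.15 10.0.2.{10 + i % 2} 443" for i in range(30)]
    # Scanning host: one probe per second to 40 different addresses.
    scan = [f"{(base + timedelta(seconds=i)).isoformat()} "
            f"10.0.1.23 10.0.3.{i + 1} 445" for i in range(40)]
    return normal + scan


if __name__ == "__main__":
    for src, peak in find_scanners(sample_flows()).items():
        print(f"possible scan from {src}: {peak} distinct targets within {WINDOW}")
```

A scan spread thinly over hours stays under any short-window threshold, so a check like this is normally paired with a longer baseline of which destinations each host usually talks to.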
It’s also imperative that enterprises adopt a zero trust approach to cybersecurity. This assumes bad actors can and will get in — and are actually inside the enterprise network already. It employs solutions such as dynamic isolation and microsegmentation to limit the scope of damage.
If a machine gets infected, microsegmentation makes sure it doesn’t spread that infection to the entire network. Dynamic isolation spots anomalous behaviors fast and installs agents on machines that are exhibiting strange behaviors. Dynamic isolation also ensures data on those machines stays safe, preventing bad actors from re-encrypting the data.
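The containment effect described above can be checked against a policy before an incident. The added example below (not from the original article) computes which hosts an infection could reach from one machine under a flat network, a default-deny segmented policy, and the same policy with one leftover rule. Host names, segments, rules and the spread port are all constructed assumptions.

```python
from collections import deque

# Constructed inventory: host -> segment (hypothetical names).
HOSTS = {
    "ws-01": "workstations", "ws-02": "workstations",
    "app-01": "app", "db-01": "database",
    "backup-01": "backup-vault",
}

FLAT = None  # no segmentation: any host may reach any other host on any port

# Default-deny policy: only these (src_segment, dst_segment, port) flows are allowed.
SEGMENTED = {
    ("workstations", "app", 443),
    ("app", "database", 5432),
    ("app", "backup-vault", 8443),
    ("database", "backup-vault", 8443),
}

# The same policy with one forgotten legacy rule still in place.
LEGACY = SEGMENTED | {("workstations", "backup-vault", 445)}


def allowed(policy, src, dst, port):
    """True if the policy permits src -> dst on the given port."""
    if policy is FLAT:
        return True
    return (HOSTS[src], HOSTS[dst], port) in policy


def blast_radius(start, policy, spread_ports):
    """Hosts reachable from `start` by hopping only over flows the policy
    allows on the ports the malware is assumed to spread over."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in HOSTS:
            if nxt not in seen and any(
                allowed(policy, cur, nxt, p) for p in spread_ports
            ):
                seen.add(nxt)
                queue.append(nxt)
    return seen


if __name__ == "__main__":
    for name, policy in (("flat", FLAT), ("segmented", SEGMENTED), ("legacy", LEGACY)):
        print(name, sorted(blast_radius("ws-01", policy, {445})))
```

The legacy case is the one worth auditing for: a single stale rule is enough to put the backup vault back inside the reachable set.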
Modern Technology Also Enhances Protection Of Critical Assets, Improved Authentication
Organizations also can improve their resilience to ransomware and other cybersecurity attacks by applying cryptographic network isolation to their backup systems.
Cybercriminals know organizations are air gapping their “crown jewels” in backup systems and have started attacking those cyber recovery vaults. Adding cryptographic network isolation via microsegmentation can provide extra protection for those critical assets – securing all traffic into, out of and within the systems that work to lock down the crown jewels.
There’s one more thing. Organizations can work to keep ransomware out in the first place by using two-factor authentication. That may involve employing technology such as biometrics to provide that second layer of defense.
Cybersecurity attacks, including ransomware, are happening more frequently to more organizations of all types — and with more damaging results. It pays to have a Plan A, Plan B and Plan C to protect against these significant threats.
Organizations that employ the suggestions outlined above can take extra steps to safeguard their most critical assets. They’ll be able to quickly identify unusual behavior and move fast to contain it so they are far better positioned to avoid and recover from cyber events, including ransomware attacks. These tips and technologies can make organizations resilient to rapidly rising ransomware attacks.