One of the biggest threats in cybersecurity today is ransomware. Over the last couple of years, many businesses have fallen victim to ransomware attacks that led to millions of dollars in losses. Among the most devastating strains of ransomware to emerge in recent years were WannaCry, NotPetya and Locky. These attacks crippled operations all over the world and left businesses paralysed.
The WannaCry incident, often regarded as the biggest ransomware outbreak in history, affected more than 250,000 victims in over 150 countries in just a couple of weeks. This ransomware strain exploited the vulnerability of large numbers of systems to spread its infection at an unprecedented rate. Unsuspecting victims were coerced into paying a ransom in Bitcoin or risk losing all their data. It was reported that the attacks resulted in US$4 billion in losses.
Over the years, CrowdStrike has researched the ransomware threat and compiled its findings and expert recommendations in the whitepaper titled “Ransomware, A Growing Enterprise Threat”. The whitepaper takes a deep dive into the evolution of ransomware, how perpetrators are adapting their tactics to maximise profits, and best practices for protecting businesses from becoming victims of ransomware.
Data today is worth a lot. In addition, companies may be concerned about what would happen to investor confidence should news of a ransomware attack on their company leak out, not to mention the loss of trust among customers.
While some companies may have enough funds and be willing to pay cybercriminals to get their data back, cybersecurity experts advise against this: not only will it encourage other hackers to start their own ransomware campaigns, there is also no guarantee that the criminals will restore the locked or encrypted data.
So how did such an outbreak happen?
The most direct answer is that businesses were simply not prepared to face such an attack. None of them expected a cyber attack of this scale to happen to their business. Most of the affected businesses had cybersecurity systems in place to protect them. But because many organisations failed to patch their systems, and because of ransomware’s unique encryption methods, threat actors were able to bypass those systems and carry out the attacks.
Statistics show that 93% of the victims of the WannaCry ransomware attack had antivirus and anti-malware software. According to a global survey of IT managed service providers, 46% of respondents believed that the ransomware was caused by spam and phishing emails, while another 36% felt it was caused by a lack of employee training. Surprisingly, only 1% of them felt that a lack of cybersecurity measures allowed the ransomware attacks to happen.
Technology today has also enabled cybercriminals to enhance the effectiveness of their attacks. Other than educating their staff about cybersecurity, businesses also need to ensure they have the right cybersecurity protection to achieve “defence in depth”. Otherwise, they stand to lose a lot if their data is breached.
How can businesses protect against ransomware?
There are a few courses of action that businesses can consider when protecting themselves from ransomware. Firstly, backups are crucial because no solution can guarantee that you will stop 100% of threats. Having reliable backups ensures that when all else fails, you can still restore your valuable data. Experts recommend that businesses adhere to the 3-2-1 backup rule: keep at least three (3) copies of their data, with two (2) backup copies stored on different storage media and one (1) of them located offsite.
Next, businesses need to have robust anti-phishing measures in place. Phishing emails are becoming more common these days and are often regarded as one of the simplest ways for cybercriminals to reach their victims. While there are anti-phishing email programs to curb this problem, sometimes all it takes is for employees to be aware of their email communications with their peers. Any suspicious content or email should be deleted, not opened.
Businesses also need to improve their patch management process by installing the latest patches and updating their existing applications and tools frequently. Doing so would have helped many companies avoid the WannaCry infection, which exploited operating system vulnerabilities that were already a few years old at the time. Businesses should also check for unauthorised patches, which may be malicious.
These solutions are just the tip of the iceberg.