You may have heard about ransomware in the media, most likely in relation to some sort of cybersecurity breach, but what exactly is it?
In simple terms, ransomware is malware that denies you access to your own data or systems, usually by encrypting your files, and demands payment to restore that access. Increasingly the attackers also copy the data before encrypting it and threaten to publish it if the ransom is not paid, so the financial pressure comes from both the lock-out and the threat of disclosure.
The first documented ransomware dates back to 1989 (the AIDS Trojan), and modern file-encrypting ransomware was first widely reported in Russia in 2005. Since then it has spread all over the world, with a marked rise over the past two years.
The increase in remote working as a result of COVID-19 has widened the attack surface: more remote-access services (such as RDP and VPN gateways) exposed to the Internet and more devices outside the corporate network give attackers additional routes into core systems, where ransomware causes the most severe disruption to business.
Should I be worried?
[Figure: Ransomware attacks by month. Source: BlackFog, The State of Ransomware in 2021]
As the diagram shows, the number of recorded ransomware attacks worldwide has risen steadily over the past two years, averaging at least 25 to 30 publicly reported attacks each month.
[Figure: Ransomware attacks by industry. Source: BlackFog, The State of Ransomware in 2021]
According to BlackFog, the five industries most attacked by ransomware in 2020 were government, education, services, manufacturing and healthcare, with government organisations suffering at least 25 publicly reported attacks worldwide.
In addition to the above, there are other key reasons to take note of ransomware:
- Attacks have become more frequent and now routinely include data theft, so victims face a second ransom demand to prevent publication ("double extortion") on top of the demand for the decryption key.
- Data stays encrypted until the ransom is paid, and even then there is no guarantee the attackers will hand over a working decryptor, delete the stolen copy, or refrain from selling it for extra profit.
- Laws such as the GDPR impose fines of up to €20 million or 4% of global annual turnover, whichever is higher, on organisations that fail to protect personal data.
- Reputational damage to an organisation can be as severe as the direct financial cost.
- Anyone can be a target at any time, from Fortune 500 companies to small and medium businesses.
These may just seem like statistics, but there are some names behind them. Here are some of the more significant ransomware attacks that have affected companies and software you may know:
The WannaCry ransomware attack of May 2017 is arguably the best known. It encrypted data on computers running Microsoft Windows and demanded a ransom in Bitcoin to release it. WannaCry needed no user interaction: it spread between machines by exploiting a flaw in Windows SMBv1 (the EternalBlue exploit) that Microsoft had patched two months earlier in MS17-010, so unpatched systems bore the brunt of it.
The attack was estimated to have affected more than 200,000 computers across 150 countries, with total damages estimated at anywhere from hundreds of millions to billions of dollars.
Colonial Pipeline, the operator of a fuel pipeline running from Houston, Texas to the New York harbour area, suffered a ransomware attack in May 2021 that compromised its business IT systems; the company shut down pipeline operations as a precaution while it contained the incident. Since the pipeline carries roughly 45% of the diesel, petrol and jet fuel consumed on the United States' East Coast, the shutdown disrupted supplies for several days and caused fuel shortages and queues at pumps in states such as Georgia, North Carolina and South Carolina.
Waikato District Health Board (DHB) in New Zealand confirmed in June 2021 that it had suffered a ransomware attack on its hospital computer systems and phone lines. An unidentified group, having obtained sensitive data about patients, staff and finances, issued the DHB an ultimatum. A month later, the data was leaked on the dark web.
The attack brought the DHB's hospitals and services to a halt, and staff had to resort to manual workarounds to continue caring for patients. Some people needing specialist treatment had to travel to other DHBs.
Several managed service providers (MSPs) and their customers fell victim to a ransomware attack by the REvil group in July 2021, causing widespread downtime for over 1,500 companies. The outbreak was traced to Virtual System Administrator (VSA), a remote monitoring and management package developed by Kaseya: the attackers exploited a then-unpatched vulnerability in customer-hosted VSA servers and used the product's own update mechanism to push the ransomware to the endpoints those MSPs managed.
The attackers claimed to have infected over a million systems globally and demanded US$70 million in ransom. In New Zealand, more than 100 organisations, including 11 schools, were affected.
What to do (and not do) against ransomware
Do have good offline backups
For most ransomware attacks the goal is to encrypt your data, so one of the best defences is a robust backup regime that keeps at least one copy offline or otherwise out of reach of an attacker who has domain-wide access (ransomware operators routinely delete or encrypt any backup they can reach). A backup is only as good as its last successful restore, so test it regularly by actually restoring it, and check both that the restored files are intact and that the backup was not taken after the encryption had already started.
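The restore test described above, written out as an added example (this is not the article's own tooling). It builds a small constructed data set, archives it the way a nightly job might, restores the archive into scratch space and verifies every file by SHA-256 against a manifest taken before the backup ran. It also refuses a backup whose files already look encrypted (near-random byte entropy) or that contains a ransom note, since a copy taken after the ransomware ran is useless for recovery. The ransom-note file names, the entropy threshold and the sample data are assumptions chosen for illustration.

```python
"""Restore-test a backup before trusting it (added example, constructed data)."""
import hashlib
import math
import random
import tarfile
import tempfile
from collections import Counter
from pathlib import Path

RANSOM_NOTE_NAMES = {"readme_to_decrypt.txt", "how_to_recover.txt"}  # assumed names
ENTROPY_THRESHOLD = 7.5  # bits per byte; documents and source code sit well below this


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means uniformly random, as ciphertext is."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def manifest(root: Path) -> dict:
    """Relative path -> SHA-256 hex digest for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def suspicious_files(root: Path) -> list:
    """Files that look like ransomware output: ransom notes or encrypted blobs."""
    bad = []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        data = p.read_bytes()
        if p.name.lower() in RANSOM_NOTE_NAMES or (
            len(data) >= 256 and shannon_entropy(data) > ENTROPY_THRESHOLD
        ):
            bad.append(p.relative_to(root).as_posix())
    return sorted(bad)


def make_backup(source: Path, archive: Path) -> dict:
    """Write a tar.gz of source and return the manifest it must restore to."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return manifest(source)


def safe_extract(tar: tarfile.TarFile, dest: Path) -> None:
    """Extract, rejecting members that would escape dest (path traversal)."""
    dest = dest.resolve()
    for member in tar.getmembers():
        target = (dest / member.name).resolve()
        if target != dest and dest not in target.parents:
            raise ValueError(f"unsafe path in archive: {member.name}")
    tar.extractall(dest)


def restore_test(archive: Path, expected: dict) -> tuple:
    """Restore into scratch space and compare against the pre-backup manifest.

    Returns (ok, problems); problems lists mismatched, missing or extra files
    plus anything that looks encrypted or like a ransom note.
    """
    with tempfile.TemporaryDirectory() as scratch:
        dest = Path(scratch)
        with tarfile.open(archive, "r:gz") as tar:
            safe_extract(tar, dest)
        restored = manifest(dest)
        problems = {f for f, h in expected.items() if restored.get(f) != h}
        problems |= {f for f in restored if f not in expected}
        problems |= set(suspicious_files(dest))
        return (not problems, sorted(problems))


def demo() -> tuple:
    """A clean backup, then one taken after a simulated encryption event."""
    rng = random.Random(1)  # deterministic stand-in for ciphertext
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "data"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "q1.csv").write_text("date,amount\n2021-01-04,1200\n" * 50)
        (src / "notes.txt").write_text("Restore drill scheduled for Friday.\n" * 20)
        good = restore_test(work / "good.tgz", make_backup(src, work / "good.tgz"))

        # Simulate ransomware: one file replaced by random bytes, a note dropped.
        (src / "finance" / "q1.csv").write_bytes(
            bytes(rng.getrandbits(8) for _ in range(4096)))
        (src / "README_TO_DECRYPT.txt").write_text("Your files are encrypted.\n")
        bad = restore_test(work / "bad.tgz", make_backup(src, work / "bad.tgz"))
    return good, bad


if __name__ == "__main__":
    print(demo())
```

The second scenario is the important one: the hashes of the "bad" backup match its manifest perfectly, so an integrity check alone would pass it; only the entropy and ransom-note checks reveal that the snapshot is already worthless. In a real job the entropy check needs an exclusion list for legitimately high-entropy formats (compressed archives, images, already-encrypted containers), and the restore should be run on an isolated machine rather than the backup server itself.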
Do keep your system up to date
Regularly patching your applications and operating systems greatly reduces your exposure to ransomware. Most ransomware intrusions exploit known vulnerabilities for which a fix already exists and which have been exploited in the wild for weeks or even months, so applying security patches promptly, and prioritising Internet-facing systems such as VPN gateways, firewalls and remote-access servers, removes the easiest routes in.
Do enable MFA wherever you can
Enforcing multifactor authentication (MFA) for access to the network and for corporate account logins makes it much harder for cybercriminals to use a stolen or guessed password. Prioritise remote access (VPN, RDP, webmail) and privileged accounts, because these are the credentials ransomware operators most want.
Do NOT click on unknown links in your emails
Ransomware is a malicious payload that has to reach a device somehow, and the most common and cheapest route is a phishing email: either a link that leads to a malicious download or credential-harvesting page, or an attachment (often an Office document with macros) that fetches the payload when opened. Check where a link actually points before clicking it, and be especially wary of links whose visible text names one site while the address goes somewhere else.
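A small heuristic check of the kind an email filter applies to links, added here as an example (it is not the article's or any vendor's filter). It parses the anchors out of a constructed sample message and flags links whose visible text names one domain while the href points to another, hrefs whose host is a bare IP address or a punycode (xn--) label, and hosts that impersonate an allow-listed brand domain either by embedding it as a subdomain or by confusable characters ("rn" for "m", "1" for "l"). The sample message and the trusted-domain list are assumptions.

```python
"""Heuristic phishing-link check over an HTML e-mail body (added example)."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example-bank.co.nz", "microsoft.com"}  # assumed allow-list
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample message: four bad links and one legitimate one.
SAMPLE_EMAIL = """<html><body>
<p>Your mailbox is almost full. <a href="https://rnicrosoft.com/quota">Review storage</a></p>
<p>Or sign in at <a href="http://198.51.100.7/login">https://login.microsoft.com</a></p>
<p>Verify your <a href="https://xn--micrsoft-4ya.com/verify">Microsoft account</a></p>
<p><a href="https://microsoft.com.account-check.net/">Sign in</a> to keep your data</p>
<p>Manage preferences at <a href="https://example-bank.co.nz/prefs">example-bank.co.nz/prefs</a></p>
</body></html>"""


class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def belongs_to(host: str, domain: str) -> bool:
    """True if host is domain or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def normalise(host: str) -> str:
    """Undo the common character substitutions used in look-alike domains."""
    return host.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(href: str, text: str) -> list:
    """Return a list of findings for one link; empty means nothing suspicious."""
    url = urlparse(href)
    host = (url.hostname or "").lower()
    if url.scheme not in ("http", "https") or not host:
        return [f"non-web link scheme: {url.scheme or '(none)'}"]
    findings = []
    if is_ip(host):
        findings.append("link host is a bare IP address")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode (IDN) host")
    shown = DOMAIN_RE.search(text)
    if shown and not belongs_to(host, shown.group(1).lower()):
        findings.append(f"visible text says {shown.group(1)} but link goes to {host}")
    for trusted in sorted(TRUSTED_DOMAINS):
        if belongs_to(host, trusted):
            continue
        if trusted in host or belongs_to(normalise(host), trusted):
            findings.append(f"host impersonates {trusted}")
    return findings


def scan_email(html: str) -> dict:
    """Map every href in the message body to its list of findings."""
    parser = _Links()
    parser.feed(html)
    parser.close()
    return {href: check_link(href, text) for href, text in parser.links}


if __name__ == "__main__":
    for href, findings in scan_email(SAMPLE_EMAIL).items():
        print(href, "->", findings or "ok")
```

These heuristics catch the cheap tricks, not a well-registered look-alike domain with valid TLS; in production they belong alongside reputation feeds and sandboxed URL detonation rather than in place of them, and the confusable table should come from a maintained source such as the Unicode confusables data rather than the four substitutions shown.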
Do NOT plug in unknown USB keys
Cybercriminals may leave a USB key inside or outside a workplace to entice staff to plug it into a computer. Once connected, the device can deliver a malicious payload, either through a file the user is tempted to open or through a device that presents itself as a keyboard and types commands on its own, so the payload can run without any further prompt.
Do NOT connect to unsecured public Wi-Fi networks
On an unsecured public Wi-Fi network anyone in range can observe your traffic, and anyone who controls the access point can tamper with it. Unencrypted connections can leak usernames and passwords, and stolen credentials for remote access or email are one of the most common starting points for a ransomware intrusion. Use a corporate VPN on untrusted networks and never ignore certificate warnings.
Cyber security starts with you
Don’t wait until your organisation has suffered a ransomware attack to start getting ready for it. If you found the above information useful, please reach out to us for a quick no-obligation chat about performing a full cyber posture assessment of your organisation to better protect against ransomware attacks.
In the meantime, here is a quick ransomware preparedness checklist you can use to get you started on your cyber security preparedness:
- Is your data backed up daily to an offsite location?
- Are your offsite data backups tested at least annually?
- Are users trained to recognise phishing emails?
- Is your email filtered to protect against phishing?
- Is your external and internal network traffic monitored?
- Is your network segmented to protect mission-critical assets?
- Do you have an inventory list of all your hardware and software assets?
- Have you removed all unsupported hardware and software in your operating environment?
- Do you have a regular patching schedule?
- Are critical and high vulnerabilities patched within 30 days?
- Are strong and unique passwords implemented throughout your organisation?
- Is multifactor authentication implemented for all privileged and remote users?
- Do you have a list of known bad software, and is the software on that list being blocked?
- Do you maintain a list of known approved software?
- Do you have an incident response plan?
- Do you have a disaster recovery plan?