The average cost of recovering from a ransomware attack in 2021 was $4.62 million. The worst part? That’s not including the cost of the ransom.
Ransomware is a dangerous and harmful form of malware, so what can you do to protect your company from it? Before we talk about how to prevent ransomware attacks, we should first consider what ransomware is and how it’s different from other cyberattacks.
What Is Corporate Ransomware
Ransomware is malware that seizes control of your business’s system and is used by hackers to extort money from companies, government entities, and other organizations and only relinquishes that control after you pay a ransom. The cybercriminal seizes this control by encrypting your network’s data.
This may only affect your company’s internal affairs, such as file and database infiltration. Or a ransomware attack could also hinder your customers’ interactions with your company via customer-facing applications or portals.
Corporate ransomware may specifically refer to ransomware that targets larger corporations (we’ll discuss examples in the next section).
In most cases, ransomware cannot be removed from a system without paying the ransom. Many ransomware encryptions are progressive algorithms, meaning they evolve to be more advanced and therefore more difficult to overcome. An attempt to reset your system to factory settings may mean the loss of valuable data if you don’t have a backup strategy in place.
What Are Some Examples of Corporate Ransomware Attacks?
According to the FBI, in 2020 the Internet Crime Complaint Center (IC3) received 2,474 ransomware complaints that totaled $29.1 million in damages. As ransomware attacks increase in frequency, we hear more about them in the news. Here are some recent examples of corporate ransomware attacks you may be familiar with:
Colonial Pipeline Cyberattack: The Colonial Pipeline supplies most of the United States’ eastern coast with gasoline, diesel, and jet fuel. In 2021, hackers encrypted Colonial Pipeline’s network, by gaining access through a rank and file employee’s exposed password, shutting down its operations for several days. Under the supervision of the FBI, the company paid the hackers the requested $4.4 million to remove the ransomware.
Ryuk: Ryuk is ransomware that has been used on many occasions to encrypt networks within businesses, hospitals, and governments since 2018. This malware is usually distributed through TrickBot, a type of Trojan virus that steals financial and personally identifiable information. Some of Ryuk’s victims include the Los Angeles Times, Baltimore County Public Schools, and many others.
Travelex: The London-based currency exchange company was hit with ransomware in 2019, leading them to pay $2.3 million to the cybercriminals. In the meantime, all of their customer service interactions were halted.
6 Best Practices for Ransomware Prevention
It’s hard to get rid of ransomware once it gets into your system. Therefore, the best way to avoid the consequences of ransomware is to prevent it from getting in at all. Here are six steps you should take to learn how to prevent ransomware and its effects:
1. Maintain Backups
First and foremost, maintain regular backups of all your files. If your systems get infected with ransomware, you can wipe your system knowing you have all the data you need to continue work the next day.
Be sure to keep an offline copy of your backup or a secure cloud backup that’s hosted outside of your network to shield it from a hackers attempt to target it through your system.
2. Conduct Ransomware Security Training
Non-Executive employees are targeted 77% more frequently than executive employees. That’s because many ransomware attacks start when an employee clicks a bad link or inadvertently succumbs to a phishing scheme. Employees don’t fall for these tricks because they’re gullible— they simply lack proper training.
Training employees on the warning signs of ransomware attacks and phishing schemes is one of the best ways to avoid ransomware infiltration. It is important that the training also covers proper operating system maintenance and transparent communication regarding potential cyberattacks.
3. Enable Email Security
Since email is commonly used in ransomware attacks, your email system should be configured to automatically filter out suspicious emails to limit your employees exposure to phishing attacks or nefarious hyperlinks.
You may also consider investing in phishing and botnet protection as an added layer of security, which delivers rapid alerts to employees and customers alike whose credentials may be compromised in phishing or botnet schemes.
4. Update Your Systems
Certain ransomware and other malware are delivered through exploitable vulnerabilities in an operating system (OS). OS updates help iron out those vulnerabilities, keeping your system secure from malware. That is, until a new vulnerability is revealed, requiring a new OS update.
If you or your employees don’t regularly update software, you’re leaving the door wide open for ransomware to wreak havoc. Update your systems.
5. Secure Your Credentials
The Colonial Pipeline cyberattack was possible because of a single exposed password. If any executive, board, or employee corporate credentials have ever been compromised or leaked in the past, you could face a similar fate.
How do you know if your credentials were exposed? The easiest way to tell is to conduct an exposure risk assessment. This will scour the internet, including the dark and deep web, to see if your information has been harvested. If you or your employee’s sensitive information has been exposed, the assessment will flag those exposures and help you determine your next steps.
6. Protect Your Employees
As mentioned previously, your employees are the most common target and entry-point for ransomware attacks. While training can go a long way to prevent attacks, so can employee cybersecurity protection.
Hackers are always looking for more sophisticated ways to go after organizations and you must take proactive cybersecurity actions to better protect the sensitive data of employees and executives, safeguard critical infrastructure to reduce cyber risk.
Can an Antivirus Program Prevent Ransomware?
Yes, an antivirus program can provide a degree of protection ransomware from infecting your system. Unfortunately, antivirus software alone doesn’t always detect or effectively prevent ransomware attack. As such, you should pair your antivirus program with a robust anti-ransomware security program and educational training.
What to Do If You’re the Victim of a Corporate Ransomware Attack
If you ever discover that your data has been seized through a ransomware attack, don’t panic. Even if you strictly adhere to the tenets of ransomware prevention, an attack can still occur. Here’s what you need to do to get a handle on the situation:
Identify the infection, specifically which malware strain you’re facing.
Isolate the infection by disconnecting infected computers and systems from the rest of your network.
Report the infection to authorities, preferably to the Cybersecurity and Infrastructure Security Agency (CISA).
Restore your data with a backup if you have one. (Make sure you’ve instructed your organization to change their passwords beforehand!)
If you don’t have a backup, use tools to decrypt the ransomware or consider paying the ransom.
Make a plan so this doesn’t happen again.
Complete Cybersecurity Protection for Executives and Employees
We hope you never deal with ransomware. But hope isn’t a plan—taking proactive steps to reduce the risk of ransomware . By working with Constella Intelligence, you can effectively protect executive and employee sensitive data from cyber threats.
*** This is a Security Bloggers Network syndicated blog from Constella authored by erin.brady. Read the original post at: https://constellaintelligence.com/corporate-ransomware-and-how-to-prevent-it/