Ransomware is on the rise, with prominent companies, universities and government agencies being targeted.1 Damages totaled more than $11.5 billion in 2019, and the average cost of a ransomware event has doubled.2 What can you do to keep your organization safe? Stopping ransomware begins with understanding how it works and building extra protections around your data.
How ransomware works
Ransomware is the fastest-growing type of cyber threat, with a new attack launched roughly every 11 seconds.3 On average, affected businesses take more than 16 days to recover.4 Criminals continue to refine both the malware and their methods of gaining access, and may even sell or lease particularly effective strains to less-adept hackers (the ransomware-as-a-service model).
Ransomware is a form of malware that is most often introduced by email, including business email compromise (BEC)-style impersonation, and also through exposed remote-access services and unpatched systems. In the email scenario, cyber criminals send fraudulent messages designed to get the recipient to open an attachment or click a link. Often, the criminals impersonate trusted senders, such as company executives or suppliers. The link or attachment delivers malware or harvests credentials; once the attacker has a foothold, the malware can spread across the network, encrypt files on servers and workstations, and hold your company’s data hostage while the criminals demand a ransom, usually in cryptocurrency.
Companies can protect themselves through cyber education and, most importantly, preparedness. Organizations that develop backup and remediation plans can give themselves options that can greatly reduce the severity and length of a ransomware incident.
Best practices for staying safe
Adding multiple barriers and a layered defense is the most effective way to stop ransomware. Here are some best practices.
1. Do regular backups and testing
Some ransomware strains deliberately seek out and encrypt or delete backups along with primary files, so a backup that sits on the same network, mounted and writable, can be lost with everything else. Keep daily backups of critical systems in locations the primary company network cannot write to (offline media, a separate account, or immutable storage), keep more than one copy, and record checksums so you can tell a good backup from a damaged one. Encrypting backups protects the confidentiality of the most sensitive data if the media is lost or stolen, but it does not by itself stop an attacker from destroying them.
2. Update security software and operating systems
Install and keep current endpoint protection (anti-virus or EDR) on every system, and scan the network regularly for unpatched or exposed services. Email filters can block known malicious senders, attachments and spam before they reach employees. Installing the latest patches promptly closes many of the vulnerabilities ransomware operators exploit to get in.
3. Review vendor access and contracts
You’re only as secure as the third parties you do business with. Keep tabs on vendor access to your networks and systems, limit it to what each vendor actually needs, and remove it when the engagement ends. Ask vendors to supply an SOC 2 (System and Organization Controls) report.6
4. Educate employees
Your employees are your first line of defense. Teach them to recognize suspicious email links and attachments, especially in unsolicited messages, and give them a simple way to report anything that looks wrong.
5. Build a formal response plan
Companies should construct a step-by-step playbook that establishes the chain of command, names who can decide to isolate systems or call in outside help, and describes the specific actions employees must perform.
6. Test your recovery plan
Regularly rehearse your ransomware response and recovery plans, including actually restoring systems from backup and measuring how long it takes, so you can quickly get up and running again.
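Best practices 1 and 6 both come down to one question: can you prove a backup is intact and restorable before you need it? The script below is an added example, not part of the original page or any product it mentions. It is plain POSIX shell and assumes tar, diff, mktemp and sha256sum (or shasum) are available; every directory and file name in it is constructed for the demonstration. It writes a backup with two checksums (one over the archive, one over its contents), restores it to a second location and compares, then tampers with both the archive and a restored file to confirm the checks actually catch damage.

```shell
# Added example (not from the original page): backup integrity and restore drill.
# Assumes tar, diff, mktemp and sha256sum/shasum; all paths below are constructed.

# Print "<sha256>  <path>" for one file, using whichever hash tool exists.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi
}

# Hash every regular file under a directory in a stable order, with paths
# relative to that directory, so manifests from different roots compare equal.
manifest_of() {
    (cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        hash_file "$f"
    done)
}

# make_backup SRC DEST NAME: archive SRC into DEST/NAME.tar and store a
# checksum of the archive plus a checksum manifest of its contents.
make_backup() {
    src=$1; dest=$2; name=$3
    mkdir -p "$dest" || return 1
    tar -C "$src" -cf "$dest/$name.tar" . || return 1
    manifest_of "$src" > "$dest/$name.contents.sha256" || return 1
    (cd "$dest" && hash_file "$name.tar") > "$dest/$name.tar.sha256" || return 1
}

# verify_archive DEST NAME: recompute the archive hash and compare with the
# stored value. Returns 1 if the archive changed since it was written.
verify_archive() {
    dest=$1; name=$2
    stored=$(cat "$dest/$name.tar.sha256") || return 1
    actual=$(cd "$dest" && hash_file "$name.tar") || return 1
    [ "$stored" = "$actual" ]
}

# restore_backup DEST NAME TARGET: extract into TARGET and confirm every
# restored file hashes to what was recorded at backup time.
restore_backup() {
    dest=$1; name=$2; target=$3
    mkdir -p "$target" || return 1
    tar -C "$target" -xf "$dest/$name.tar" || return 1
    manifest_of "$target" | diff -q - "$dest/$name.contents.sha256" >/dev/null
}

# backup_drill: run the whole rehearsal on constructed sample data. Returns 0
# only if the clean backup verifies and restores, AND both tampering cases
# (a damaged restored file, a modified archive) are detected.
backup_drill() {
    d_work=$(mktemp -d) || return 1
    d_src=$d_work/fileserver; d_dest=$d_work/offsite; d_rst=$d_work/restore

    # Constructed sample data standing in for the primary file share.
    mkdir -p "$d_src/finance" || return 1
    printf 'Q3 ledger\n' > "$d_src/finance/ledger.csv"
    printf 'board minutes\n' > "$d_src/minutes.txt"

    make_backup "$d_src" "$d_dest" nightly || { echo "backup failed"; return 1; }
    verify_archive "$d_dest" nightly || { echo "clean archive failed check"; return 1; }
    restore_backup "$d_dest" nightly "$d_rst" || { echo "clean restore mismatch"; return 1; }

    # Simulate a restored file that was encrypted in place.
    printf 'ENCRYPTED\n' > "$d_rst/minutes.txt"
    if manifest_of "$d_rst" | diff -q - "$d_dest/nightly.contents.sha256" >/dev/null; then
        echo "damaged restore was not detected"; return 1
    fi

    # Simulate the archive itself being modified after it was written.
    printf 'X' >> "$d_dest/nightly.tar"
    if verify_archive "$d_dest" nightly; then
        echo "tampered archive was not detected"; return 1
    fi

    rm -rf "$d_work"
    echo "drill passed: restore verified, tampering detected"
}
```

Run `backup_drill` from a shell that has sourced the script; a zero exit status and the final line mean the rehearsal passed. In production the checksum files belong somewhere the production network cannot write to, for the same reason the backups themselves do: a strain that can encrypt your backup can also overwrite a manifest stored beside it.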
1 CRN, “The Biggest Ransomware Attacks of 2020 (So Far).”
2 Cybercrime Magazine, “Ransomware Is A Real Pain in the Wallet.”
3 Coveware, “Ransomware Payments Up 33% as Maze, Sodinokibi Proliferate in Q1 2020.”
5 Cybercrime Magazine, “Ransomware Is A Real Pain in the Wallet.”
6 AICPA, “SOC For Service Organizations.”