Estimated difficulty: 💜🤍🤍🤍🤍
Ransomware can be a costly attack to organisations of all sizes. Recently Garmin fell victim to a ransomware attack, with reported ransoms of up to US$10 million in exchange to reinstate company files.
According to a The State of Ransomware 2020 by Sophos, the global average cost to remediate a ransomware attack (including factors such as downtime, ransom paid and missed profitable opportunity) was US$761,106. These staggering costs aren’t the only worry either, as ransomware attacks are also on the rise – with CyberEdge’s Cyberthreat Defense Report stating 62% of organisations fell victim to a ransomware attack in 2019, an increase from 56% in 2018 and 55% in 2017.
What is Ransomware?
Statistics are all good and well, but what exactly is ransomware do you ask?
Ransomware is fundamentally a type of malware that prevents user access to a system, which usually entails encrypting user files. Attackers typically then demand a ransom to be paid to reinstate access or decrypt the files.
Phishing attacks are the most common method to deliver ransomware. Spam emails are usually sent out to manipulate victims to either download malicious executables (hidden as part of email attachments), or to click malicious links embedded in the email body.
Get Those (Cryptocurrency) Gains
Ransoms are usually demanded in the form of cryptocurrency such as Bitcoin. Cryptocurrencies tend to be chosen as a method of payment due to the ability to anonymise transactions and the efficiency to process them. Other popular cryptocurrencies include Ethereum, Ripple and Litecoin – however Bitcoin remains to be the most popular currency for ransom demands.
Haven’t heard of cryptocurrencies before? That’s alright! Find a quick intro to “What is Cryptocurrency?” below:
What’s the Big Dealio?
Ransomware will more than likely be an ongoing issue for years to come. As technology changes and evolves, it’s hard for corporations and individuals to change their defences to keep up with the emerging threats in the cyber security realm.
Ransomware can cause serious downtime, affecting the continuation of services and trading of corporations – resulting in massive financial and revenue losses. Ransomware can affect a business for weeks or even months, crippling essential business operations that can cause serious reputational damages and severely tarnish customer trust relationships.
Of course the “big one” for ransomware is data loss. It’s reported that one in five victims do not get their data back, even after paying the ransom.
Back to Basics: How to Protect Yourself
There are plenty of ways to protect yourself and keep yourself safe from a ransomware attack, but let’s get back to basics…
Below are just a few things you (or your business) can do to keep yourself safe against ransomware attacks…
- Make regular backups of system data and user files
- Educate yourself (or staff) on cyber safety and cyber awareness
- Schedule regular patching and updates for systems
- Keep all software updated
- Seek professional advice from cyber security experts if you are unsure
- Are you a business? Analyse your business risks and place contingency plans in the event of a ransomware attack
- Report all ransomware attacks to the police
Warning: Graphic Content
A few years back (approx. 2018, so a few stats may be a little outdated) I created an infographic about ransomware for a target audience of SMEs (Small and Medium Enterprises)
If it’s any use to anyone, have a peek below!
Stolen from the infographic above, you can find more ransomware guidance from the National Cyber Security Centre here or if you wish to report cybercrime (including ransomware attacks) you can go to the Action Fraud website here.
This post is the introduction to a Security Queens ransomware series, so there will be follow-up posts that go into more detail of ransomware aspects such as mitigation and policy recommendations, the cryptographic wizardy behind the encryption and researching real-world case studies.
In the meantime, I hope you enjoyed this quick-intro to ransomware!