It’s hard to turn on the news these days without seeing a mention of ransomware and the Colonial Pipeline attack. It’s not as if ransomware is a new phenomenon, but this attack had one of the farthest-reaching impacts of any similar attack that we’ve seen.
When Colonial Pipeline was hit with ransomware on May 7th, it had to shut down operations for about six days, causing gasoline shortages throughout the East Coast. The impact was also felt nationwide as the cost of a gallon of gas rose to over $3, its highest level since 2014.
In the case of Colonial Pipeline, like so many others, the company opted to pay the attackers to get operations back up and running. A reported 4.4 million was paid in Bitcoin.
Then, on the heels of that attack, the world’s largest meat producer, JBS, was also attacked with ransomware, having to temporarily shut down plants in the US and Australia for several days. It’s unknown if it also paid the ransom.
Ransomware is Getting Worse
Both these high-profile attacks are an indicator of the rise of ransomware and how it’s becoming a major threat to companies of all sizes. Without strong network security protections in place, companies can be devastated by downtime and remediation costs.
Because ransomware has become such a successful money-making vehicle for the criminal underground, it’s been getting worse. Ransom demands have been getting higher, remediation costs have been skyrocketing, and the volume of attacks has been increasing.
Here are a few troubling statistics:
- Over the last 12 months, ransomware attack recovery costs have more than doubled from $761,106 to $1.85 million.
- The average ransom paid to attackers has risen to $179,404.
- During the pandemic, ransomware attacks have increased 715%.
How to Protect Your Business from Becoming a Ransomware Victim
Ransomware attackers will target all-sized companies. The smaller businesses may end up getting a $10,000 ransom demand instead of several million, like large corporations, but hackers can easily make up the difference in volume.
One of the big reasons for the rise in attacks is that larger criminal organizations have begun selling “Ransomware as a Service” to anyone. So even inexperienced criminals can pay to get the tools to easily implement a ransomware attack themselves or by someone else.
Many of these novices will go after small businesses because they see them as the easiest to breach.
It’s important to put several best practices in place to avoid falling victim to ransomware.
Password Security & Multi-Factor Authentication
One popular method to perpetrate a ransomware attack is via phishing email. There’s even a better chance of fooling someone into clicking a malicious link if the email comes from someone inside the company.
Hackers that gain access to an employee email account will often send phishing emails from that email address to fool others into falling for their trap.
It’s important to keep online accounts protected through strong password security and the use of multi-factor authentication.
Patch & Update Management
Ransomware and other types of malware are often designed to take advantage of an operating system, software, and firmware vulnerabilities. Unfortunately, many companies don’t have a strategy in place for keeping all devices on their network properly updated.
It’s critical to have a patch and update management plan in place. The easiest way this is done is through managed IT services, which offer a wide range of optimization and security services for one low monthly cost.
All devices with access to your business data, including mobile devices, should have a strong antivirus/anti-malware program installed. It should be able to detect anomalies in behavior, not just signature-based threats since many threats are now “zero-day” and not yet in a signature database.
A network firewall is your first line of defense against intrusions into your network. Firewalls monitor traffic and look for anything suspicious going in or out of your network.
It’s important to use a modern next-gen firewall to ensure that the newest and most sophisticated threats can be detected and neutralized automatically.
Employee training may not seem especially advanced or sophisticated, but it’s one of the most important protections against ransomware and other malware.
Phishing emails are the #1 cause of ransomware infections. Phishing directly targets individual users in an attempt to bypass more sophisticated protections (like firewalls, etc.).
It’s important to conduct ongoing training (not just once per year) on how to spot phishing emails and how to stay safe online and avoid social phishing and malicious websites. A well-trained team can significantly reduce your risk of falling victim to a ransomware attack.
Backup & Data Recovery
Having a current backup of all your data AND the ability to quickly restore that data to your systems is vital for the ability to avoid paying a ransom.
Many companies pay the ransom out of desperation even if they have a backup because their backup takes too long to restore. Make sure you have a backup platform that includes rapid recovery and that you practice this at least a couple of times per year in an incident response drill.
It’s Time for a Cybersecurity Risk Assessment!
Rocky Knoll Technologies can help your Charlotte area business with a full cybersecurity risk assessment to ensure you’re not a sitting duck for ransomware attackers.
Contact us today to schedule a free consultation. Call 704.594.7292 or reach us online.