It seems that everywhere we look today, there’s another news story about a company falling victim to a ransomware attack. From the Colonial Pipeline Co. to hospitals and government agencies, no organization’s network security is impervious to these sophisticated exploits.
In 2021 alone, there was:
- A 151% increase in ransomware attacks compared to 2020
- A warning from the FBI that 100 new strains of ransomware are circulating
- A rapid rise in attack volumes from 115.8 million in Q1 to 188.9 million in Q2
The main question every company should ask is whether or not to pay the ransom if an attack succeeds. Let’s look at what the latest ransomware threats are, how companies can protect themselves against an attack, and what to do when (not if) you become a victim of a ransomware attack.
How Does a Ransomware Attack Work?
Cybercriminals spread ransomware using spam emails, malicious websites, social engineering, and drive-by downloads, among other methods. Once the malicious code infects a computer, it encrypts the user’s data and then shows the victim a splash screen that explains how to pay the ransom.
What Types of Ransomware Attacks Are There?
It’s common for cybercriminals to demand ransom payments in cryptocurrencies like Bitcoin, making it hard for authorities to track the transactions. Currently, most attackers use cryptoware to encrypt files, but other forms of ransomware also exist.
- Lock screens – Don’t encrypt files, but lock users out of the infected system
- Partial encryption – Ransomware that only encrypts the Master Boot Record (MBR) or file systems like NTFS, preventing the infected system from booting up
- Extortionware – Also called leakware; attackers steal sensitive data and threaten to make the information public
- Mobile ransomware – Attacks that target mobile devices using fake apps or drive-by downloads
The lack of qualified information technology (IT) professionals, an increased dependence on remote workforces, and evolving cybercrime technologies like Ransomware as a Service (RaaS) are all compounding the problem.
How Can Companies Defeat Ransomware Attacks?
Defending against an attack requires companies to anticipate threats and proactively protect all of their data and networks. More workers now access company information from outside the corporate firewall, significantly expanding the attack surface.
The majority of attacks remain opportunistic instead of persistently targeting an organization. Practicing good cyber hygiene can eliminate most of the gaps in the company’s networks and help prevent opportunistic attacks from succeeding.
Additionally, organizations should:
- Keep all software systems up to date
- Apply the latest security patches as they become available
- Use encrypted connections whenever accessing company data over the internet
- Regularly scan networks and endpoints, including personal devices that connect to the company’s network
- Establish a disaster recovery plan that uses encrypted backups
How to Recover from a Successful Ransomware Attack
If an attack succeeds, the FBI recommends not paying the ransom. Organizations have options even if the system becomes infected. The first step to recovering is preparing before it happens by backing up and encrypting data regularly.
Cybersecurity professionals can clean an infected network, but to limit the time required to recover, having encrypted backups available is essential. Because there is no guarantee that the attacker will provide a working decryption tool, the best way to respond to an attack is by cleaning the infected network and restoring critical data once the organization has confidence that the malware is gone.
Recover from Ransomware Attacks with phx-IT
At phx-IT, we can help any organization recover from an attack and establish additional controls to prevent ransomware attacks in the future. Organizations can no longer ignore the risks – taking a proactive approach today can save the company time, money, and reputational damage.
To find out how we can assist your organization in recovering from a ransomware attack, speak to phx-IT today.