National Cybersecurity Awareness Month: Ransomware And What You Can Do To Prevent It
Every October, we participate in National Cybersecurity Awareness Month. Throughout the month, we stress the importance of cybersecurity overall and cybersecurity topics and best practices relevant to our employees and organization. This year, our cybersecurity awareness campaign highlights the increasing threat of ransomware, what it is, how it works, and how to prevent a ransomware attack from happening.
So, what is ransomware? Ransomwareis a type of malicious software or malware that encrypts data on a computer rendering it unusable. The data is held hostage under the threat of destruction or public release until a ransom is paid in exchange for decryption.
Recent events have made it clear that many organizations are ill-equipped to defend against, let alone recover from, a ransomware attack without paying the ransom:
- July 2021: Kaseya, makers of popular IT software used by managed service providers (MSPs), was recently affected by the REvil ransomware attack in one of the biggest attacks to date. Cybercriminals initially asked for a ransom of $70 million, claiming to have infected more than 1 million systems.
- May 2021: Colonial Pipeline, an American oil pipeline system originating in Houston, Texas, suffered a ransomware cyber-attack by a criminal group called DarkSide. The attack resulted in a shutdown of the entirety of its gasoline pipeline system, which transports almost half of all fuel consumed on the East Coast of the United States.
- May 2021: The Federal Bureau of Investigation (FBI) investigates at least 16 ransomware attacks targeting US healthcare and first responder networks, including law enforcement agencies, emergency medical services, and 9-1-1 dispatch centers.
Ransomware remains one of the most profitable tactics for cybercriminals, with increasing ransom demands often ranging from $1 million to $10 million. According to an annual report on global cybersecurity, 304 million ransomware attacks were reported worldwide in 2020 alone.
There are several ways a threat actor can infect a computer or system with ransomware, but the leading cause of ransomware attacks is email phishing. When an unsuspecting user opens a malicious attachment or a link to a compromised website, ransomware infects the system. The threat actor can block access to the hard drive, encrypt some or all of the files on the computer, and then demand a ransom for decryption. Ransomware payments are typically completed using bitcoin or other cryptocurrencies, making these cybercriminals nearly impossible to track.
Every business has some form of cyber exposure, and cybercriminals don’t discriminate based on a business’s operations or size. Research has found that reported attack rates for small organizations (less than 1,000 employees) are lower than attack rates for larger organizations (more than 1,000 employees).
Sometimes, the best defense against a cybersecurity threat is maintaining awareness of the threat and understanding how it is delivered.
However, there are simple actions you can take to make sure you don’t become a cybercriminal’s next ransomware victim:
- Never click on unsolicited links or open unsolicited attachments in emails. Email phishing scams are the leading cause of ransomware attacks.
- Back up your data regularly and store your backups offline. Keeping your backups on a separate device, such as an external hard drive, ensures that threat actors cannot encrypt your backups.
- Update and patch your computer. Ensure your applications and operating systems are continually updated with the latest patches. Vulnerable applications and systems are common targets of ransomware.