How valuable is your data? That’s not a question that organizations or individuals have to ask themselves all that often. You might know the market value of your company, have a good idea of how much your business makes per day, or have worried about what would happen if some of your most sensitive data fell into the hands of a rival, but an actual monetary value on the systems and files you rely on regularly is not necessarily something most people have had to concern themselves with.
Ransomware makes this all a whole lot less abstract of a concept. Ransomware, for those unfamiliar with it, does exactly what its name suggests: it uses malware to extort money from users by promising potentially catastrophic damage in the event that they don’t pay up.
While cybercriminals might level multiple different ransom-based threats against targets, by far the most common form of ransomware attack works by encrypting a users’ files and offering them a decryption key only on the condition that they pay a fee — usually in bitcoin or another cryptocurrency so as to obfuscate the identity of the attacker.
Those victims without the proper protection measures, such as Data Loss Prevention (DLP) tools, can experience devastating fallout from such attacks.
How ransomware works
Ransomware malware may arrive on a target’s computer through a number of vectors, with a common delivery system being phishing emails. These emails either include attachments directly or else contain links to dubious webpages where users download the malware software without realizing exactly what they are placing on their computer or network. Other delivery vectors might include Remote Desktop Protocol (RDP) tools that have not been properly secured or software vulnerabilities that cybercriminals seize upon to launch an attack.
Once the malware has been installed, it can rapidly take over a computer (in some cases, they may trick users into granting administrative access) and begin encrypting vital files. Users will then receive a message threatening the loss of their files if they do not pay the ransom in time. To add more urgency, attackers will often increase the demanded ransom in incremental amounts so that users feel pressured to pay up as soon as possible.
Ransomware attacks have been around for decades. However, in recent years an extra twist has been added to the formula. Rather than just encrypting data, some attackers now combine encryption with data theft. This adds even more leverage that cybercriminals can use to extort money. The prospect of losing access to your most valuable files is bad enough, but the notion of having that information — whether it’s personal, sensitive data or competitive information — posted online or leaked to rivals is downright terrifying.
Knowing that this is the case, such data-stealing ransomware attacks are increasing in prevalence all the time.
The cost of ransomware attacks
The average cost of ransomware attacks continues to climb. A report published this year, titled The State of Ransomware 2020, suggested that the average cost of recovering for an organization hit by a ransomware attack that they paid is $1.4 million. Even if they don’t pay, however, the cost is still a daunting $730,000 — which doesn’t include a ransom payment, but does factor in business downtime, operational costs, and other levies associated with being the victim of a ransomware attack.
In neither case (either paying the ransom or not) are victims guaranteed that they will regain access to their files unless they have taken precautions ahead of time.
There is also no assurance that paying a ransom will ensure the deletion of any files that have been stolen. This newer variation on ransomware is even harder to gauge because, unlike providing a decryption key that either restores access to a victim’s files or doesn’t, targets of a data theft ransomware attack may never know for sure whether their data has been deleted as promised. They continue to face the risk that attackers could release it at a later date or, alternatively, return to demand more money.
Comprehensive protection against ransomware
Protecting against ransomware attacks is essential for organizations. Some measures, such as providing training about data security, instructing people on not opening questionable email attachments, or making use of multi-factor authentication security, can be carried out by individuals or organizations. In other cases, it’s worth bringing in cybersecurity experts.
Data Loss Prevention (DLP) tools will help to detect and prevent data breaches, exfiltration, or the destruction of data as would take place in a ransomware attack. The focus is on stopping unwanted and illegal transfer of data beyond an organization’s boundaries. DLP tools do this by monitoring access to sensitive files, then detecting and automatically blocking file actions that appear to be threats.
Meanwhile other tools can help detect ransomware activity and then quarantine users or devices that appear to be showing signs of a ransomware attack. Doing this can help stop ransomware attacks in their tracks before they result in any widespread damage.
Depending on whether you’re a small business, a large organization or, conceivably, a medical institution or similar, the effects of a ransomware attack can range from deeply frustrating to, potentially, life-threatening. One thing’s for sure, however: no-one should have to face the effects of such an attack.
Fortunately, by following the right steps, you can make sure that you’re not a victim of this brand of cybercrime. Making sure you protect yourself is among the smartest cybersecurity moves you can make.