Appalachia Technologies Blog
The ABC's of Ransomware
Ransomware – The What, Where, and Why
Everyone has heard stories by now of an organization getting hit by ransomware. From individuals to small and enterprise-level organizations, it can pop up anywhere and cause havoc. What is it? Where does it come from? Why isn’t it going away? Today we’re going to break it down.
Ransomware traces back to the late eighties and early nineties, when a virus was used to extort funds from its victims. Payments were even made by mail, and the fix was received back through the mail. Money, the same thing that drives many other malicious activities, is the major driver and motive behind ransomware.
What Is It?
Ransomware is a tactic used to encrypt an organization’s files so that they are not usable. The criminals have the decryption key and hold it for ransom, which usually requires a lump-sum payment by the victim in order to receive it. The typical threat to a company that is hit with ransomware is either losing its files forever or having its files publicly disclosed, meaning that private data and/or intellectual property is released to the public. The risk to the business is the inability to work, resulting in loss of revenue, and should private data be released, there is additional reputational damage.
In the current state, the bad actors usually require payment in Bitcoin, a common cryptocurrency. The reasoning behind this type of payment is that it is untraceable back to the criminals, and there is no way to get it back. Transactions cannot be stopped or reversed: once the payment is sent, the funds are gone forever. With that said, it raises the question of whether or not an organization should ever send payment to the criminals.
Should Your Organization Send a Ransomware Payment?
The risk for every organization is different. Although I cannot directly answer whether or not your company should send a ransomware payment, I’ll give you something to think about. Over the past few years, we have seen a rise in double and triple hits. This means that organizations are paying the ransom and, in a short amount of time, they are being infected yet again. The criminals know that if an organization is willing to pay and has the funds, it may well pay a second and possibly a third time. Furthermore, organizations are often not able to retrieve their files because of file corruption or a bad decryption key. It is always important to realize that these are criminals who are infecting your organization. Sending money to them never guarantees a solution. There’s no customer service phone line to register a complaint if you “didn’t get what you paid for.” Each organization needs to decide for itself. However, the FBI states that it does not recommend paying the ransom, and it advises calling the FBI to report any ransomware attack.
What Is the Cost of Ransomware?
It is predicted that by 2031, the global damage cost of ransomware will exceed $265 billion. Ransomware was predicted to cost $5 billion in 2017, which was a 15x increase in just two years. The amount in 2021 was estimated to be around $20 billion, which is 57x more than in 2015.
It is important to remember that the cost of ransomware is not just the ransom itself. There is often remediation that needs to be done and a loss of productivity over the period of time it takes to recover. In the United States in 2020, remediation costs averaged $2.09 million. If client data is leaked, the cost could also include settlement payments.
How Can an Organization Protect Itself From Being the Next Victim?
According to the 2021 Verizon Breach Report, 82% of ransomware attacks were caused by the human element. Having a very security-aware company culture is of utmost importance. Security awareness training should happen regularly, not just yearly. As history has shown us for years, criminals will always take advantage of humans. This happens through phishing, phone calls, malicious ads that look appealing, and other types of social engineering. An organization’s workforce is its first defense.
As well as having a great security culture, it is important to ensure that files are backed up properly and that the backups are tested. Segmentation of systems is important to help limit the spread of an infection. Also, having an Incident Response Plan (IRP) that is tested regularly will ensure that if your organization is infected, proper protocols and procedures are followed. To learn more about Incident Response Plans, check out my previous blog on the topic.
An organization is never completely safe from ransomware. It is important to stay current with the latest trends and communicate them throughout your organization. If you would like to learn more about ransomware and how your company can stay safe, reach out to us at Appalachia Technologies.
Mike Miller is a cybersecurity professional with 25 years of experience throughout the IT industry. He has focused on security, specializing in the areas of Virtual Chief Information Security Officer services, Governance, Risk, and Compliance, PCI, SOC, Intrusion Detection, Penetration Testing, and Incident Response. In 2011, Mike founded Cyber Protection Group, which was acquired by Appalachia in 2022. Mike is passionate about mentoring and assisting aspiring cybersecurity professionals and can be found regularly sharing insight on his LinkedIn profile. When he isn’t fighting cyber crime, Mike loves spending time with his wife and kids, often boating in the Ozarks.