Ransomware and its impact on your business
Continuing our series of articles on cybersecurity issues, we are going to address another of the most common dangers, and one of the most lucrative for cybercriminals. The impact figures from ransomware can be chilling, as we can see in this article. The average cost of ransomware attacks in 2022 is $4.54 million, with these figures taken from IBM statistics.
More importantly, the danger of ransomware goes beyond a simple data hijack for profit. In a globalized world that depends on information and technology to operate, some ransomware attacks have begun to function as a political tool. For example, in April 2022 the Costa Rican economy was paralyzed by a ransomware attack, forcing the country to enter a state of emergency from May 8th to May 11th.
The most dangerous part of this situation is not that the attack was successful and was able to paralyze the country’s economy, but that hours after the incident, the country’s national commission for risk prevention and emergency response acknowledged not having any protocol or strategy to prevent or resolve the effects of this type of attack.
Definition of ransomware
Before we get down to business, what is ransomware? According to Wikipedia, it is defined as follows: ransomware (from the terms "ransom" and "ware", an abbreviation of "software") is a type of malicious program that restricts a user's access to certain parts or entire files of an infected operating system and that demands a ransom in exchange for removing this restriction. Some ransomware encrypts the operating system files, rendering the device unusable and coercing the user to pay the ransom.
As we saw above, perhaps the definition is not quite complete (although it perfectly defines the term as such) and we should add data hijacking for political reasons or for no purpose other than to disrupt the normal course of a company or government.
The ransomware phenomenon is not new; it has existed since the 80s. These attacks blocked access to the operating system and demanded a ransom payment to unlock the use of the device. As we can see in this article, the first attacks of this type predate the spread of the Internet, and Joseph Popp is considered to be the father of ransomware attacks.
Dr. Joseph Popp was an American evolutionary biologist who was dedicated to the research of the AIDS virus. He developed the "AIDS" Trojan, and after developing it he mailed 20,000 diskettes to different countries, disguising the Trojan as an introduction of information about AIDS. After investigation he was arrested by the British authorities and confessed to having developed the Trojan so that he could donate the proceeds to the virus research. He was declared mentally unfit to stand trial and was returned to the United States.
For a few years, ransomware was less prevalent as a tool since capital tracing was relatively easy, but with the emergence of digital currencies and cryptocurrency, which are much more difficult to trace, ransomware has begun to take hold once again.
Many ransomware attacks are not reported, mainly because they can produce substantial damage to the image of a company beyond the cost of the ransom. With that said, we are talking about a problem that is widely known and that is increasingly costly for companies and organizations worldwide.
According to IBM statistics for 2022, the average cost of these attacks is $4.54 million per attack and $5.12 million in case the attack is focused on destruction and not ransomware. Obviously this is an average, as the damage that an attack can do to a Big Tech company is not the same as to an SME. However, the numbers are staggering.
How do we protect ourselves from a ransomware attack?
Most data breaches start with a successful phishing attack or a successful credential leak. The most common, according to the IBM statistics mentioned above, is the credential leak, which we covered when we talked about how to better protect our passwords. The second most common data breach is via phishing, a topic to which we have dedicated two articles, one more general and a second one on the more specific dangers for e-commerce.
Phishing focuses on human error (most cases of ransomware start with a phishing attack). Here is a list of recommendations to avoid being affected by this type of attack.
- Keep software updated: It is essential to keep both the operating system and the software used on the computer updated, as attackers often target vulnerabilities already discovered in outdated systems.
- Make regular backup copies: It is important to have backup copies of the most important files and keep them in a safe place. In the case of a ransomware attack, we will be able to recover the data without having to pay the ransom.
- Use security software: It is advisable to use good security software including antivirus, firewall and anti-malware and to keep them updated.
- Do not open suspicious emails: Emails from unknown senders or with suspicious subject lines may contain ransomware-infected attachments. It is important not to open these emails or download the attachments.
- Avoid clicking on suspicious links: Suspicious links may lead to malicious websites containing ransomware. It is important not to click on unknown or suspicious links.
- Limit file access: It is advisable to limit access to files and folders to only those users who need to access them. This reduces the risk of an attacker being able to access and hijack important files.
- Use strong passwords and two-factor authentication: Use strong passwords and change your passwords regularly. It is also advisable to use two-factor authentication to add an additional layer of security.
- Disable macros in Office documents: Disabling macros in Office documents can help prevent unintentional execution of malicious code.
By following these recommendations, you can significantly reduce the risk of suffering a ransomware attack. It is important to remember that prevention is the best tool to protect against this type of threat.
What if we are victims of one of these attacks?
Sometimes, no matter how hard we try not to let it happen, one of these attacks succeeds. What should we do in that case?
If you find yourself in the situation of being a victim of a ransomware attack, the first thing you should do is to stay calm and not panic. Below, we share the steps to minimize the damage and recover as much data as possible:
- Isolate the infection: If you discover that you are falling victim to a ransomware attack, it is important to immediately disconnect your computer from the network and from any external storage devices. This will help prevent the virus from spreading to other devices and systems. After this you need to notify your company's security or systems team.
- Identify the type of ransomware: Knowing which ransomware has infected your system is critical in determining what recovery measures to take. You can search online for information to find out if there is a specific tool to help you recover your files or if there is a way to decrypt the code.
- Inform the authorities: You need to raise the alarm to the authorities as well, so that they can take the necessary measures. Some ransomware is designed to steal personal information, so this is especially important if you believe your personal data has been compromised.
- Do not pay the ransom: Although it may be tempting, paying the ransom does not guarantee that you will get your files back. Furthermore, this will only encourage cybercriminals to continue carrying out these types of attacks.
- Recover the files: If you make regular backups, you will be able to recover your data from them. That is why it is vital to have a backup policy and to keep those backups in a secure and isolated environment.
Remember that prevention is always better than regret, which is why we recommend having protection measures in place. In any case, it is also very important to keep in mind that any company or government organization should have a recovery plan for all types of incidents, including ransomware.
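The backup advice above (regular copies, kept isolated, used for recovery) only pays off if the copy is still intact when it is needed. As an added example, not code from the original article, this Python script records a SHA-256 manifest when a backup is taken and checks the copy against it before a restore; the function names, the 7.5 bits-per-byte entropy threshold and the sample files are assumptions made for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def entropy(data):
    """Shannon entropy in bits per byte; ciphertext sits close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_manifest(root):
    """Relative path -> SHA-256, recorded at the moment the backup is taken."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(root, manifest, limit=7.5):
    """Return {relative path: finding} for every file that is unsafe to restore."""
    current, findings = build_manifest(root), {}
    for rel, digest in manifest.items():
        if rel not in current:
            findings[rel] = "missing"
        elif current[rel] != digest:
            # Only changed files are scored: compressed formats are high-entropy too.
            sample = (Path(root) / rel).read_bytes()[:65536]
            findings[rel] = "changed, looks encrypted" if entropy(sample) > limit else "changed"
    for rel in current.keys() - manifest.keys():
        findings[rel] = "not in manifest"
    return findings

def demo():
    """Constructed sample backup: one file is overwritten after the manifest is taken."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "invoice.txt").write_text("total: 100 EUR\n" * 50)
        (root / "notes.txt").write_text("meeting at 10\n" * 50)
        manifest = build_manifest(root)  # store this away from the backed-up host
        (root / "invoice.txt").write_bytes(os.urandom(4096))  # stands in for ciphertext
        (root / "NOTE.txt").write_text("constructed placeholder\n")
        return verify_backup(root, manifest)

if __name__ == "__main__":
    for path, finding in sorted(demo().items()):
        print(f"{path}: {finding}")
```

The manifest is only trustworthy if it is stored where the backed-up machine cannot write to it; an empty result from `verify_backup` means the copy matches what was recorded.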
Why not pay the ransom?
The first reason is obviously legal. There are countries where it is literally illegal to pay these ransoms, which is a very good reason in itself not to do so.
The second reason is an ethical reason. By paying these ransoms, we only encourage these attacks and fund future problems for our company and others.
The third reason is practical. Once the payment is made, there is no guarantee of receiving the encryption key, and you lose both money and data in the process. In other cases, even if the key is delivered, it is not able to decrypt all the files and part of the data is lost. Therefore it is important to have all the preventive measures in place, and above all to have secure backups to be able to get everything up and running again.
In recent times, we have seen the problems that these attacks can bring.
The Clinic of Barcelona suffered a ransomware attack and has had to change its usual course of work, even stopping all appointments and operations, including appointments for oncological radiotherapy. These attacks are very serious, and the best way to avoid them is to be aware of them and to know what we are doing at every moment in front of our PC, so that we do not put our company and the information we work with at risk.
Technical Office Specialist at Orienteed.