Ransomware is gaining traction among hackers; emboldened by financial success and anonymity using cryptocurrencies. In fact, ransomware is now considered a tried and true cyberattack technique, with attacks spreading among small and medium-sized businesses, cities and county governments. Coveware’s recent 2019 Q1 Ransomware Report notes:
- Ransoms have increased by an average of 89% over Q1 in 2019 to $12,762 per ransom request
- Average downtime after a ransomware attack has increased to 7.3 days, up from 6.2 days in Q4 of 2018, with estimated downtime costs averaging $65,645
- Victim company size so far in 2019 is anywhere from 28 to 254 employees (small, medium, and large-sized businesses)
Let’s review how ransomware works and why it’s so effective. Ransomware is a type of cyberattack where an unauthorized user gains access to an organization’s files or systems and blocks user access, holding the company’s data hostage until the victim pays a ransom in exchange for a decryption key. As you can surmise, the goal of such an attack is to extort businesses for financial gain.
Ransomware can “get into” a system in different ways, one of the most common through phishing emails or social media where the human worker inadvertently opens a message, attachment, or link acting as a door to the network or system. Messages that are urgent and appear to come from a supervisor, accounts payable professional, or perceived “friends” on social media are all likely ransomware actors disguising themselves to manipulate or socially engineer the human.
Near and Far: Ransomware Has No Limits
Many types of ransomware have affected small and medium-sized businesses over the last two decades but it shows no limitations in geography, frequency, type, or company target size.
- Norwegian aluminum manufacturing company Norsk Hydro, a significant provider of hydroelectric power in the Nordic region, was shut down because of a ransomware infection. The company’s aluminum plants were forced into manual operations and the costs are already projected to reach $40 million (and growing). The ransomware name: LockerGoga. It has crippled industrial firms across the globe from French engineering firm Altran, and manufacturing companies Momentive, and Hexion, according to a report from Wired.
- What was perceived as an unplanned system reboot at Maersk, a Danish shipping conglomerate, turned out to be a corrupt attack that impacted one-fifth of the entire world’s shipping capacity. Deemed the “most devastating cyberattack in history,” NotPetya created More than $10 billion in damages. To add insult to injury, the cyber risk insurance company for Maersk denied their claim on the grounds that the NotPetya attack was a result of cyberwar (citing an act of war exclusionary clause). WannaCry was also released in 2017 and generated between $4 billion and $8 billion in damages but nothing (yet) has come close to NotPetya.
- On Black Friday 2016, the San Francisco Municipal Transportation Agency fell victim to a ransomware attack. The attacker demanded $73,000 for services to be restored. Fortunately, speedy response and backup processes helped the company restore systems in 2 days—avoiding having to pay the ransom. In March 2018, the City of Atlanta experienced a ransomware attack that cost upwards of $17 million in damages. The Colorado Department of Transportation fell victim, too, left with a bill totaling almost $2 million.
These headlines are stories of a digital war that has no geographical borders or structured logic. No one is truly immune to ransomware, and any company that thinks that way is likely not as prepared as they think they are. Beazley Breach Response (BBR) Services found a 105% increase in the number of ransomware attack notifications against clients in Q1 2019 compared to Q1 of 2018, as well as noting that attackers are shifting focus to targeting larger organizations and demanding higher ransom payments than ever before.
Immersive cyber ranges – Protect Yourself, Your Business, Your People
If your own security efforts, staff practices, and business infrastructure are continuously hardened every time a new breach headline makes the news, the things that matter most to you and your company will be better protected. One of the ways to consistently harden security practices is via immersive and persistent training on gamified cyber ranges. Some benefits of using cyber ranges like this include:
- Helping professionals of all skill levels learn and apply preventative measures such as: regular backups, multi-factor authentication, and incident response planning and analysis.
- Understanding what ransomware looks like and how it would “work” if it infected their company’s network.
- Cloud-based environments can scale to emulate any size digital system and help users “see” and respond to threats in safe spaces.
- Providing user assistance and immediate feedback in terms of rewards, badges, and progress indicators, allowing organizational leaders who want to upskill their cyber teams to see the skills gaps and strengths in their teams and identify ways to harden their defenses.
When ransomware does come knocking at your business door, will you be ready to recover from the costly and reputational damages? If there is any shred of doubt in your mind, then it’s time to re-evaluate your cyber readiness strategy. As we’ve learned, even the smallest vulnerability or level of uncertainty is enough for a cybercriminal to take hold.