In March of 2018, the city of Atlanta spent more than $2.6 million responding to a ransomware attack that targeted its municipal operations. While city officials won’t confirm whether they paid the $50,000 ransom, it is clear that the price the city paid for its recovery efforts have far exceeded the ransomware demand.
Ransomware attacks against U.S. organizations are growing rapidly. A recent Malwarebytes Labs Cybercrime Tactics and Techniques report finds that ransomware attacks against businesses jumped by 195 percent from the fourth quarter of last year to the first quarter of this year. Worse, there was a 500 percent increase by companies in detection of ransomware during that time period, partly as a result of the massive Troldesh ransomware attack.
David Burg and Sean Joyce of PwC point out that there are several factors that separate those who are vulnerable to ransomware from those who are less likely to fall prey. For example, early adoption of cloud technology gives an organization “an edge over systems that rely on computers on the premises” as it’s more difficult to “exploit holes in cloud-based architecture.”
Experts say there are several other steps that organizations can take to reduce their vulnerability to ransomware attacks:
- Stay vigilant. When WannaCry hit in 2017, companies that immediately used Microsoft’s patch to update their Windows installations were protected. Meanwhile, those that continued to use outdated operating system software (or even pirated software) were some of the hardest hit, Burge and Joyce report. “Don’t just back up your company’s data. Test the backups regularly,” they advise. “Secure them so they are separate from your other systems or networks; otherwise, they will be corrupted as well.”
- Educate workers. Stu Sjouwerman, CEO of KnowBe4, says he has seen awareness training of employees cut phishing attacks from 15.9 percent to 1.2 percent in some organizations. Since phishing attacks are often the main way to infect victims with ransomware, Sjouwerman says that sending workers simulated attacks keeps them on their toes and ensures they stick to security protocols.
- Have a data recovery plan. If critical services are knocked out, can your business still run? Moller-Maersk, the world’s largest container shipping firm, was hit in 2017, an unintended victim of NotPetya Originally targeting businesses in Ukraine, the malware soon spread around the world and cost billions of dollars in damage and lost revenue. The attack cost Maersk about $300 million in losses. Lewis Woodcock, head of cybersecurity compliance, counsels that to recover as quickly as possible, you must be able to “really understand the core businesses processes,” the systems and applications that run the operation and which ones are critical and need to be protected and recovered in the right order. Where are your backups? How quickly can you access them?
- Do a dress rehearsal. It’s a good idea to truly assess what will happen if you’re hit by a ransomware attack. Look at issues such as who will respond and when as well as who is in charge of retrieving backups and when. Also consider under what circumstances you will pay a ransom.
No matter how big or small your organization is, you’re vulnerable to a ransomware attack. By taking some of the recommended steps, you can effectively reduce the chances you’ll soon be paying cybercriminals whatever they want to keep your organization running.