The average ransom demanded in a ransomware attack now stands at about $13,000, according to Coveware, a cybersecurity company that handles ransomware recoveries. By its figures, the amount small businesses pay to recover their files nearly doubled in 2019, from $6,733. Ransomware increasingly targets small businesses and medical practices because these organizations often have smaller budgets for protecting their data. Most of them assume they are too small to be targets and do not take the necessary steps to protect themselves, which has made ransomware a reliably profitable business strategy for cybercriminals.
In the past, attackers would send out spam with malicious links and hope that some victims ran their ransomware. Attacks have since become far more sophisticated: attackers now use multiple methods to gain access to a network and spread across it, all to generate money for the ransomware's operators.
Vulnerability targeting leads to more sophisticated ransomware attacks
Ransomware operators now target specific vulnerabilities in Windows software and scan the Internet for hosts that expose them. One common method is to search for computers with Remote Desktop (RDP) reachable directly from the Internet. When an exposed host is found, the attacker brute-forces the login credentials until they gain access to the system. From there, the attacker spreads the ransomware to as many computers as possible to maximize the impact: the more machines encrypted, the better the odds of forcing the business to pay.
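The password-guessing against exposed RDP described above leaves a trail in the Windows Security log: a burst of failed logons (Event ID 4625) from one source address, often against several account names. The following is an added example, not code from the original article: a Python script that flags that pattern. It runs over a constructed sample in an assumed, simplified "timestamp key=value" export format (real logs are EVTX/XML, but the field names match the real event) and reports any source that piles up failures within a short window.

```python
"""Flag RDP password-guessing in Windows Security log exports.

Added example for this article (not code from the original page). It scans
failed-logon records (Event ID 4625) and reports source addresses that pile
up failures against Remote Desktop within a short window, which is what the
brute-force stage of an RDP-based ransomware intrusion looks like from the
defender's side. The line format below is an assumed, simplified key=value
export; real logs are EVTX/XML, but the field names match the real event.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, not real data. 203.0.113.45 hammers several
# accounts in under a minute; 198.51.100.7 is a user mistyping a password.
SAMPLE_LOG = """\
2019-10-02T03:14:01 EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.45
2019-10-02T03:14:03 EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.45
2019-10-02T03:14:04 EventID=4625 LogonType=10 TargetUserName=user IpAddress=203.0.113.45
2019-10-02T03:14:06 EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.45
2019-10-02T03:14:09 EventID=4625 LogonType=10 TargetUserName=backup IpAddress=203.0.113.45
2019-10-02T03:14:11 EventID=4625 LogonType=10 TargetUserName=scan IpAddress=203.0.113.45
2019-10-02T08:02:17 EventID=4625 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.7
2019-10-02T08:02:40 EventID=4624 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.7
2019-10-02T09:30:05 EventID=4625 LogonType=2 TargetUserName=jsmith IpAddress=-
2019-10-02T14:45:12 EventID=4625 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.7
"""

# LogonType 10 is RemoteInteractive (RDP). With Network Level Authentication
# enabled, a failed RDP logon is recorded as type 3 (Network) instead, so
# both are counted; filtering only on type 10 would miss NLA hosts.
RDP_LOGON_TYPES = {"10", "3"}
LOCAL_SOURCES = {"-", "127.0.0.1", "::1"}


def parse_event(line):
    """Parse one 'timestamp key=value ...' line; return None if malformed."""
    parts = line.split()
    if not parts:
        return None
    try:
        stamp = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    event = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    event["Timestamp"] = stamp
    return event


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return one finding per source IP with >= threshold RDP failures
    inside any span of length `window`. Each finding lists the accounts
    tried, which separates a single-account guess from a password spray."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_event(line)
        if not event or event.get("EventID") != "4625":
            continue
        if event.get("LogonType") not in RDP_LOGON_TYPES:
            continue
        source = event.get("IpAddress", "-")
        if source in LOCAL_SOURCES:
            continue  # console or loopback failures are not remote guessing
        failures[source].append((event["Timestamp"], event.get("TargetUserName", "?")))

    findings = []
    for source, events in failures.items():
        events.sort()
        # Sliding window: count failures starting at each event. Quadratic in
        # the per-IP count, which is fine for a day's worth of events.
        peak = 0
        for i, (start, _) in enumerate(events):
            in_window = sum(1 for stamp, _ in events[i:] if stamp - start <= window)
            peak = max(peak, in_window)
        if peak >= threshold:
            findings.append({
                "ip": source,
                "attempts_in_window": peak,
                "total_attempts": len(events),
                "usernames": sorted({user for _, user in events}),
                "first": events[0][0].isoformat(),
                "last": events[-1][0].isoformat(),
            })
    return findings


if __name__ == "__main__":
    for finding in detect_bruteforce(SAMPLE_LOG):
        print(f"{finding['ip']}: {finding['attempts_in_window']} failures within "
              f"5 minutes, accounts tried: {', '.join(finding['usernames'])}")
```

In practice the events would come from Get-WinEvent or a SIEM rather than a text export, and the threshold should be tuned to the environment. A hit from an Internet address is the more important signal than the count itself: it means RDP is reachable from outside, which is the exposure that should be closed.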
In 2017, the WannaCry ransomware made headlines because it spread using an exploit (EternalBlue) that had been stolen from the United States National Security Agency and leaked publicly. Microsoft had released a patch for the underlying SMB vulnerability two months before the outbreak, and it later issued emergency patches for out-of-support versions of Windows as well. Machines that had installed the patches were not affected; those that had not were still vulnerable, and WannaCry spread among them quickly.
Ransomware is a big money maker for cybercriminals
With ransom demands increasing, ransomware is big money for cybercriminals. It is also in their interest to make sure victims get their data back after paying.
Why is that?
If word got out that victims who paid the ransom did not get their data back, no one would pay. One ransomware variant, GandCrab, has a near 100% recovery rate once the ransom is paid. GandCrab is extremely common and has created a sizeable income stream for its creators.
On the flip side, every victim who pays confirms that this is a viable business model for the attackers. It is a self-perpetuating system: ransomware attacks work, so cybercriminals will keep using them to generate money. These attacks are not going away.
How do you protect yourself from ransomware?
As long as organizations do not take ransomware seriously, the threat will continue to grow. There are steps organizations can take to protect themselves from ransomware outbreaks:
- Keep all computers up to date with current patches from the vendor. This closes the vulnerabilities that malware uses to gain access to your network and computers.
- Handle all remote access through a VPN connection. Do not allow RDP connections directly from the Internet to your network; exposed RDP is found by scanning and attacked by brute force. Where remote access must exist, require strong, unique passwords and enable account lockout so guessing does not succeed quietly.
- Make sure you have quality anti-malware software on every computer. This helps block an infection that does manage to get onto your network.
- Improve your spam filtering to block phishing emails, which remain a common delivery route for ransomware.
- Backups, backups, backups. Keep a current backup of all of your data, and keep at least one copy offsite or offline at all times so that the same outbreak that encrypts your production systems cannot also encrypt the backup. Test restores periodically; a backup you have never restored from is not one you can count on.
Following these steps will reduce your exposure to ransomware attacks and make sure you can restore your data if you do become infected.