Ransomware is one of the most damaging types of malware for a business. It can bring operations to a standstill by encrypting all of a company’s files and making them unusable.
The criminal then requests a ransom to provide a decryption key to return access to the files so a company can operate as usual again.
Any good cybersecurity strategy includes protections against ransomware because it’s not only becoming more costly, but also more prevalent.
According to the Sophos report on the State of Ransomware, over half (51%) of organizations were hit with ransomware last year, and in 73% of those attacks, the hackers succeeded in encrypting data.
A recent ransomware attack took out the systems of the Texas state court system, causing websites to go offline due to the breach. And for every ransomware victim you read about in the news, there are many others that are small and mid-sized businesses, that you may not read about.
Ransomware can hit at any time and it keeps getting more costly for the victims.
Between 2018 and 2020, the average cost of ransomware-caused downtime per incident:
Attackers keep being emboldened by the number of companies that are willing to pay the ransom because they don’t have a reliable backup in place. This has unfortunately caused the average amount of a ransom demand to increase by over 88% in the last two years to $8,100.
There are several strategies you can use to protect your business from ransomware and the devastating costs.
Phishing emails are the #1 delivery method for ransomware and other forms of malware. So, to mitigate the risk of having your network infected, you want to reduce the amount of phishing that makes it into employee inboxes.
Due to COVID-19, phishing increased 667% earlier this year, which makes it all the more critical to put anti-phishing protections on your devices. You should also use tactics like spam filtering and email authentication to quarantine phishing emails and keep them from getting to employees.
About 25% of U.S. businesses hit with ransomware pay the ransom to get files back, which is enough to encourage attackers to keep on hitting companies with attacks.
Some businesses lose files for good because they refuse to pay the ransom and don’t have a complete backup of all their files.
The companies that come out mostly unscathed are the ones that have a reliable backup and recovery solution in place that allows them to have their data restored quickly once the ransomware is removed.
The most reliable backups are done through a managed services plan because they’re monitored to ensure they don’t stall or run out of space and that they capture all critical company data.
Ransomware doesn’t only attack data on computers and servers. Many data breaches and ransomware infections happen to cloud data. 59% of attacks where data was encrypted happened in the public cloud, this includes services such as Google Drive and Dropbox.
To properly protect your cloud application data, you should:
All devices used for work, both computers and mobile devices, should have strong antivirus/anti-malware protection.
You want to ensure you’re using a trusted solution that uses behavior-based monitoring and doesn’t simply check a database of known threats. With behavior-based antivirus, you have protection against newer forms of ransomware that may not have been cataloged yet (called “zero-day”) because this type of software looks for suspicious behaviors of any type of program or code.
Employees are on the front line when it comes to thwarting ransomware attacks. You should train them regularly on cybersecurity awareness, how to spot phishing emails, and best practices for things like password security.
Through regular, ongoing training and things like simulated phishing drills, you can increase the cybersecurity awareness of your employees and give them the tools to spot and avoid an email that leads to ransomware.
Ransomware, like other forms of malware, often is designed to exploit a security vulnerability in an operating system or software. To reduce your risk, make sure all employee PCs and other devices are kept updated.
One of the most reliable ways to ensure everyone’s devices have updates and security patches installed regularly is to use a remote managed services plan that can automate the update process for you.
Don’t leave your business vulnerable to a ransomware attack that can cost you hundreds of thousands of dollars. Digital Crisis can help you put a layered strategy in place that includes data backup and prevention strategies.
Contact us today to schedule a consultation. Call 713-965-7200 or reach us online.