Ransomware Attack: To Give or Not To Give? That is the question.

The Cybersecurity & Infrastructure Security Agency defines ransomware as an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.

Recent attacks on large businesses, hospitals and government departments would lead one to believe that ransomware attacks are aimed solely at large companies and institutions. However, approximately one-half to three-quarters of the victims of ransomware are small businesses. Worse, ransomware attacks overall are up almost 300% in the past year.

In fact, anyone with a computer connected to the internet with important data stored on their computer or network is at risk, including government or law enforcement agencies and healthcare systems or other critical infrastructure entities.

“The threat is real. The threat is upon us. The risk is to all of us,” Homeland Security Secretary Alejandro Mayorkas said during the U.S. Chamber of Commerce’s recent “Now & Then” Speaker series. “Inform oneself. Educate oneself and defend oneself.”

The White House warned corporate executives and business leaders recently to step up security measures to protect against ransomware attacks after intrusions disrupted operations at a meatpacking company and a southeastern oil pipeline.

“There has been a significant hike in the frequency and size of ransomware attacks,” Anne Neuberger, cybersecurity adviser at the National Security Council, said in a letter.

“The threats are serious and they are increasing. We urge you to take these critical steps to protect your organizations and the American public,” she added.

According to Neuberger, strengthening the country’s resilience to cyberattacks was one of President Joe Biden’s top priorities. Not only that, President Biden believes Russian President Vladimir Putin has a role to play in preventing these attacks and planned to bring up the issue during their summit this month, White House press secretary Jen Psaki said on Wednesday.

A Russia-linked hacking group that goes by the name of REvil and Sodinokibi was behind the cyberattack against JBS SA, a source familiar with the matter told Reuters.

As if this threat couldn’t get any larger, ransomware attackers are now using triple extortion tactics, demanding ransom not only from organizations, but also threatening their customers, users and other third parties. In other words, attackers are not only encrypting data but also threatening to leak the stolen data publicly unless the ransom is paid.

According to Check Point Software research, the global surge in ransomware attacks has reached a 102% increase this year compared to the beginning of 2020, and shows no sign of slowing down.

Since April, researchers at CPR have seen an average of over 1,000 organizations being impacted by ransomware every week. This follows significant increases in the number of impacted organizations so far in 2021 – 21% in the first trimester of the year and 7% since April so far. These increases have resulted in a staggering 102% overall increase in the number of organizations affected by ransomware compared to the beginning of 2020.

The industry sectors currently experiencing the highest volumes of ransomware attack attempts globally are healthcare, with an average of 109 attack attempts per organization every week, followed by the utilities sector with 59 attacks and insurance/legal with 34.

The Hill reports that the Justice Department announced this week that it will begin elevating ransomware investigations to a similar level of priority as terrorist attacks.

John Carlin, the acting deputy attorney general at the Justice Department, told Reuters on Thursday that the federal government will prioritize ransomware cases through a new process.

“It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” he said.

Dark Reading reports that small businesses are being hit by ransomware, and a majority are paying up to get their data back.

According to a new survey of senior executives, 46% of all small businesses have been the targets of a ransomware attack. And of those companies that have been hit with a ransomware attack, almost three-quarters (73%) have paid a ransom.

Forty-three percent of small businesses paid between $10,000 and $50,000 to ransomware attackers. Thirteen percent paid more than $100,000. Of those who paid, however, 17% recovered only some of the company’s data.

Looking deeper into the survey conducted by Infrascale shows that business-to-business sales companies are more likely to be hit than those with a business-to-consumer model, with more than half (55%) of the former reporting attacks versus 36% of the latter.

So how do we effectively prevent ransomware?

  1. Raise your guard around weekends and holidays – Most ransomware attacks over the past year took place over weekends and holidays, when people are less likely to be watching.
  2. Up-to-date patches – At the time of the famous WannaCry attack in May 2017, a patch existed for the EternalBlue vulnerability used by WannaCry. This patch was available a month prior to the attack and labeled as “critical” due to its high potential for exploitation. However, many organizations and individuals did not apply the patch in time, resulting in a ransomware outbreak that infected more than 200,000 computers within three days. Keeping computers up to date and applying security patches, especially those labeled as critical, can help limit an organization’s vulnerability to ransomware attacks.
  3. Anti-ransomware – While the previous ransomware prevention steps can help mitigate an organization’s exposure to ransomware threats, they do not provide perfect protection. Some ransomware operators use well-researched and highly targeted spear phishing emails as their attack vector. These emails may trick even the most diligent employee, resulting in ransomware gaining access to an organization’s internal systems. Protecting against ransomware that “slips through the cracks” requires a specialized security solution. In order to achieve its objective, ransomware must perform certain anomalous actions, such as opening and encrypting large numbers of files. Anti-ransomware solutions monitor programs running on a computer for suspicious behaviors commonly exhibited by ransomware, and if these behaviors are detected, the program can take action to stop encryption before further damage can be done.
  4. Education – Training users on how to identify and avoid potential ransomware attacks is crucial. Many current cyberattacks start with a targeted email that does not even contain malware, only a socially engineered message that encourages the user to click on a malicious link. User education is often considered one of the most important defenses an organization can deploy.
  5. Ransomware attacks do not start with ransomware – Ryuk and other ransomware operators purchase infection bases in targeted organizations. Security professionals should be aware of Trickbot, Emotet, Dridex and Cobalt Strike infections within their networks and remove them using threat hunting solutions, as they open the door for Ryuk or other ransomware infections to infiltrate organizations.
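
A minimal sketch of the behavioral check described in item 3, added here as an illustration and not taken from the original article or from any vendor's product: it flags a process that rewrites many distinct files with near-random (high-entropy) content inside a short time window. The event tuple format, process IDs, paths and thresholds are all assumptions constructed for the example.

```python
import math
from collections import Counter, defaultdict, deque

WINDOW_SECONDS = 10   # assumed sliding window
MAX_FILES = 20        # assumed limit on distinct files rewritten per window
ENTROPY_BITS = 7.5    # assumed cutoff; encrypted data approaches 8 bits/byte

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the written content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect_mass_encryption(events):
    """events: time-ordered (timestamp, pid, path, written_bytes) tuples.
    Returns the pids that wrote high-entropy content to more than
    MAX_FILES distinct files within one WINDOW_SECONDS window."""
    recent = defaultdict(deque)          # pid -> (timestamp, path) in window
    flagged = set()
    for ts, pid, path, data in events:
        if shannon_entropy(data) < ENTROPY_BITS:
            continue                     # ordinary text or document saves
        q = recent[pid]
        q.append((ts, path))
        while q and ts - q[0][0] > WINDOW_SECONDS:
            q.popleft()                  # drop writes older than the window
        # Count distinct paths: one large archive written repeatedly
        # (a backup job) is high-entropy but touches a single file.
        if len({p for _, p in q}) > MAX_FILES:
            flagged.add(pid)
    return flagged

def sample_events():
    """Constructed telemetry for the example; not from a real incident."""
    random_like = bytes(range(256)) * 16       # exactly 8.0 bits/byte
    text = b"quarterly report draft " * 200    # low entropy
    events = []
    for i in range(30):
        t = i * 0.1
        events.append((t, 4242, f"/home/u/docs/file{i}.docx", random_like))
        events.append((t, 1000, f"/home/u/notes/note{i}.txt", text))
        events.append((t, 2000, "/backup/nightly.tar.gz", random_like))
    return events

if __name__ == "__main__":
    print(detect_mass_encryption(sample_events()))
```

Entropy alone also matches legitimate compression and encryption tools, so a deployed monitor would pair a heuristic like this with an allowlist and with the ability to suspend the flagged process.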

Bottom line: Protect yourself and your business. IRMI reports that coverage for losses associated with ransomware is available within cyber and privacy insurance policies under an insuring agreement most often termed “cyber-extortion coverage.” The items it covers include (1) monies to pay ransom demands, (2) the cost of hiring experts to negotiate with hackers, and (3) the cost of computer forensics experts who can determine how hackers gained access to the insured’s computer system and then make recommendations on how to prevent future incursions.

The average cost of cyber insurance is only $1,485 per year in the U.S.

I rest my case.

© Copyright 2021. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented.
