Posted On 12 Jan 2021
If the ransomware industry issued annual reports, their 2020 edition would note that it is been an extremely profitable year for them. It’s not far-fetched to call it an industry, because it is now well organized, networked, and spreading. Any malicious actor can purchase ransomware kits from the dark web and start attacking small businesses (the ransomware target of choice) straight away.
Alongside small businesses, the FBI has reported that this year ransomware has been used to attack healthcare facilities, municipal government, and educational institutions. Nevertheless, more than 50% of attacks target small businesses. In 2020, the average amount demanded by ransomware attackers was $178,000.
Ransomware is becoming more sophisticated; in recent times it appears that one group of hackers will use malware to make a breach in company security, and then ransomware users will exploit the vulnerability created. New forms of software have been developed that can circumvent standard detection technology, and ransomware attackers have diversified their business, not just encrypting and locking up systems as previously but sometimes stealing data at the same time. Another string to the criminals’ bow is the practice of “doxing”, where the criminals obtain personal information about an individual in an organization and threatened to release it unless their ransom is paid.
One useful form of protection against ransomware is “canary files”. These are valuable-looking files that are placed on a network in order to attract ransomware attackers, instantly triggering an alarm if they try to crack or steal them. Sometimes ransomware attackers can break into the system and spend months looking around, testing for weaknesses; canary files enable companies to identify exactly when the attackers first gained access, and rollback the system to a point before then.
Many people think that if they have installed ransomware software, they are protected, but experts have said that in fact this software is ineffective against 99% of modern attacks. Companies need to educate their employees about how to identify and guard against ransomware, install software that proactively seeks out and destroys threats, and continually test their systems with simulations to check its effectiveness.
Many businesses are now considering investing in insurance against ransomware: although insurance frequently won’t cover the financial losses caused by losing intellectual property, customer data, or system downtime, it will, if necessary, cover the cost of paying to release your system or data from the attackers, and all insurance companies offering such policies have expert negotiators who can deal with the attackers on your behalf.