Last year saw one of the most damaging ransomware attacks ever conducted. The software company Kaseya was breached, resulting in damages at more than 1,500 organisations and a ransom demand of $70 million (about £51 million).
That, however, is only one in a long line of incidents last year that were considered “one of the most damaging ransomware attacks ever”.
According to our analysis of 2021’s publicly disclosed incidents, there were 401 ransomware attacks last year, compared with 289 in 2020 – a 39% year-on-year increase.
The threat posed by ransomware has been compounded by organisations introducing remote or hybrid working solutions without properly addressing the associated security risks.
Many organisations fail to implement appropriate security measures and regularly test them to ensure their ongoing effectiveness, and their incident response plans – if they have any – are inadequate.
Cyber criminals, meanwhile, continue to find new ways to make use of the data they have compromised, often publishing it online if the victims do not pay a ransom.
But there has recently been newfound optimism regarding organisations’ ability to prevent ransomware attacks.
The White House unveiled new initiatives to combat ransomware, which include a State Department programme that mirrors its anti-terrorism scheme in offering financial rewards for information that helps prevent or identify attackers.
Likewise, Microsoft, Amazon, the FBI and the UK’s National Crime Agency have joined the RTF (Ransomware Task Force) in giving governments recommendations to mitigate the threat of attacks.
In an 81-page report, the group calls for “aggressive and urgent action” against ransomware. They add that “more than just money is at stake [as] ransomware has become a serious national security threat and public health and safety concern”.
The RTF co-chair Jen Ellis said: “Citizens are being impacted by this every day. It’s having a huge impact on the economy and the ability for ordinary people to access critical services.
“Not only that but, really distressingly, the funds that come in from paid ransoms fund other forms of organised crime, like human trafficking and child exploitation.”
How to prevent ransomware attacks
The only real way to stop ransomware attackers is to avoid paying them.
Paying ransoms is rarely a good idea. By doing so, you confirm that you’re a viable target and encourage further attacks, plus you might not even regain access to your data anyway.
The Sophos State of Ransomware Report 2021 found that those organisations that paid a ransom got only 65% of their data back.
However, it’s easy to understand why some victims might feel it’s their only option, especially if they were unprepared for an attack and its effects.
So, what should you do to prepare for ransomware attacks and safeguard your organisation?
- Keep your technical security measures up to date
Ensuring your software is kept up to date with the latest patches will close known security vulnerabilities, and deploying anti-malware and antivirus solutions will identify the latest threats.
- Test for security vulnerabilities
A programme of regular vulnerability scanning and penetration testing will identify and test the extent of new security vulnerabilities as well as old ones that have been reintroduced into your systems, for instance as part of network changes.
- Back up, don’t pay up
Ransomware attackers rely on the simple fact that you need your data in order to work.
If you lose access to your data, you need to know that you have a recent, uninfected backup copy securely stored, either on a local device that’s isolated from your (infected) network, or in the Cloud.
- Train your staff
Most ransomware – like other types of malware – is delivered via phishing attacks.
Training your staff to understand this threat, know what to look out for, and know what to do if they fall victim is essential.
- Deploy incident response plans
If you are unfortunate enough to fall victim to ransomware, you need to identify and respond to the attack as quickly as possible. Robust cyber incident response management planning will ensure you can get back to business as usual.
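The “Back up, don’t pay up” step above turns on one question a defender should be able to answer before an incident, not during one: is there a recent, uninfected copy of the data on an isolated target? The following script is an added illustration of that check and is not code from the original post or from any backup product. It assumes a backup job that writes a JSON manifest (file path, SHA-256 digest, time taken, and whether the target was isolated) alongside the copy; the manifest layout, the `MAX_BACKUP_AGE` policy value and the sample files are all constructed for the example.

```python
"""Backup readiness check: recency, integrity and isolation of a backup copy.

Added example (assumed manifest format and policy values, not from the post).
"""
import hashlib
import json
import os
import tempfile
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Assumed policy value: a copy older than this no longer counts as "recent".
MAX_BACKUP_AGE = timedelta(hours=24)


@dataclass
class BackupReport:
    recent: bool
    integrity_ok: bool
    isolated: bool
    corrupted_files: list = field(default_factory=list)

    def ready(self) -> bool:
        """A copy is usable only if it is fresh, unmodified and kept off the live network."""
        return self.recent and self.integrity_ok and self.isolated


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(backup_dir: Path, manifest_path: Path,
                   taken_at: datetime, isolated: bool) -> None:
    """Run by the backup job: record each file's digest plus when and where the copy was taken.
    The manifest is stored outside the backup directory so it is not part of the hashed set."""
    files = {
        str(p.relative_to(backup_dir)): sha256_of(p)
        for p in sorted(backup_dir.rglob("*")) if p.is_file()
    }
    manifest = {"taken_at": taken_at.isoformat(), "isolated": isolated, "files": files}
    manifest_path.write_text(json.dumps(manifest, indent=2))


def check_backup(backup_dir: Path, manifest_path: Path, now: datetime) -> BackupReport:
    """Run before relying on a copy: is it recent, does every file still match its recorded
    digest, and was it written to an isolated target?"""
    manifest = json.loads(manifest_path.read_text())
    taken_at = datetime.fromisoformat(manifest["taken_at"])
    recent = (now - taken_at) <= MAX_BACKUP_AGE
    corrupted = []
    for rel, expected in manifest["files"].items():
        p = backup_dir / rel
        # A missing file or a changed digest both mean the copy cannot be trusted.
        if not p.is_file() or sha256_of(p) != expected:
            corrupted.append(rel)
    return BackupReport(recent=recent, integrity_ok=not corrupted,
                        isolated=bool(manifest["isolated"]), corrupted_files=corrupted)


def demo():
    """Constructed scenario: a good copy, the same copy checked too late, and the copy
    with one file altered after the manifest was written."""
    taken = datetime(2022, 1, 10, 2, 0, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as tmp:
        backup_dir = Path(tmp) / "backup"
        backup_dir.mkdir()
        (backup_dir / "payroll.csv").write_text("id,name,amount\n1,alice,100\n")
        (backup_dir / "config.ini").write_text("[db]\nhost=db.internal\n")
        manifest = Path(tmp) / "manifest.json"
        write_manifest(backup_dir, manifest, taken_at=taken, isolated=True)

        good = check_backup(backup_dir, manifest, now=taken + timedelta(hours=6))
        stale = check_backup(backup_dir, manifest, now=taken + timedelta(days=3))

        # Overwrite one file after the manifest was written: the copy is no longer trustworthy.
        (backup_dir / "payroll.csv").write_bytes(os.urandom(64))
        tampered = check_backup(backup_dir, manifest, now=taken + timedelta(hours=6))
    return good, stale, tampered


if __name__ == "__main__":
    for label, report in zip(("good", "stale", "tampered"), demo()):
        print(f"{label}: ready={report.ready()} corrupted={report.corrupted_files}")
```

The point of the three outcomes is that “we have backups” is not the same as “we can restore”: a copy that is too old, has been altered, or sat on the same network as the infected hosts fails the check even though the files exist. Running `check_backup` on a schedule, and pairing it with a periodic restore test, is what makes the “don’t pay up” position credible.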
Staff awareness is the key
The key to ransomware prevention is awareness. The tips we’ve outlined above only work if everyone in the organisation understands the threat of ransomware and the steps they should take to stay safe.
This is most likely to manifest in employees’ ability to spot scam emails, which often contain malicious payloads. But you also need them to follow other guidelines; you may have multiple people across the organisation responsible for patching software or backing up data.
You can provide your employees with the guidance they need with our Ransomware Staff Awareness E-learning Course.
The course helps staff understand the threat of ransomware using examples, and demonstrates what organisations should do if they fall victim.
It also explains the main forms a ransomware attack can take and how they can be identified. Plus, you’ll receive guidance on anti-malware software and how it fits within your organisation’s policies and procedures.