Ransomware, i.e. malicious software that uses encryption to hold data for ransom, has become one of the key threats to organizations over the last few years. According to the global survey conducted by cybersecurity firm Sophos, ‘The State of Ransomware 2021’, 67% of Indian organisations whose data was encrypted paid to get their data back.
Further, the approximate cost of recovering from a ransomware attack tripled in the last year, up from $1.1 million in 2020 to $3.38 million in 2021. However, paying up often doesn’t pay off: entities in India that paid the ransom got back, on average, only 75% of their data.
Why is Ransomware a big threat?
From local government entities to large organizations, ransomware attacks are everywhere. It’s a fairly simple type of malware but is extremely damaging. Once it enters a system, the malware accesses and encrypts the victim’s files. Because ransomware uses modern encryption techniques, it is extremely difficult to recover the files without access to the decryption key. Since the ransomware operator is the only one with access to this key, the victim is pressured into paying the ransom. In addition to the ransom, the victim also has to bear the cost of interrupted business, replacing the infected machines and putting protection in place to prevent a future attack.
Overall, ransomware can have an even bigger impact on an organization than a data breach, but Gartner research estimates that more than 90% of ransomware attacks are preventable.
10 tips to protect against Ransomware in 2022 & beyond
1. Set up a firewall: A firewall acts as a barrier between your internal network and outside networks. You can set up a firewall system to protect the resources in your network from outside access.
2. Take periodic data backups: Backups can help you bypass the ransom demand by restoring data from a source other than the encrypted files. However, the ransomware still needs to be removed from the network, since restoring a backup does not clean the infection.
3. Conduct cyber awareness training: Employees are often the biggest security risk for the organization. Awareness training enables them to follow best security practices to prevent phishing or ransomware attacks.
4. Improve your email security: This is crucial to combat the phishing and social engineering attacks that frequently lead to a ransomware attack. Consider deploying third-party email scanning or anti-phishing tools to identify and isolate attack attempts.
5. Enforce strong password security: Without strong passwords, attackers can easily make their way into a system. They can then leverage that access to move laterally through the network and deploy ransomware.
6. Build endpoint protections: Antivirus software alone isn’t sufficient to protect against cyber threats. Organizations need to ensure that they are appropriately protecting endpoint devices using an Endpoint Detection and Response (EDR) solution and other technologies.
7. Implement a strong Bring-Your-Own-Device (BYOD) policy: Unregulated use of personal devices poses an unnecessary risk to your network. A robust BYOD policy must be put in place to minimize the risk of cyber-attacks.
8. Apply patches for operating systems and applications: In the absence of a patch, malicious actors can exploit a known vulnerability in your system.
9. Integrate a content filtering tool: This is part of an internet firewall that helps block access to web content and incoming content, such as email, that may threaten system security. The tool also screens executable files that would install new software on the system.
10. Implement ‘Zero Trust’ security: This is a security framework in which all users, whether inside or outside the organization’s network, must be authenticated and authorized before being granted access. It addresses modern security challenges, including ransomware threats.
The tips above can help you avoid being in a position where the only way to recover from an attack is to meet the criminals’ demands.
Wrapping up: Should you pay the ransom?
Paying the ransom is a big risk, as there is no guarantee that you’ll get your data back or that the attacker will not sell your data after the payment. Further, it only encourages and funds these attackers. Instead of paying a hefty amount as ransom, organizations should proactively invest in strengthening their cybersecurity. As they say, the cost of cybersecurity is always less than the cost of a cyber-attack.
This article was written by Neelesh Kripalani, CTO, Clover Infotech.