In the year 1989, Ransomware was introduced as an AIDS Trojan. Harvard-educated biologist Joseph L. Popp sent 20,000 compromised diskettes named “AIDS Information – Introductory Diskettes” to attendees of the internal AIDS conference organized by the World Health Organization. Since then, ransomware techniques have continued to evolve. The word ‘Ransomware’ also reminds us of one of the worst attacks, Wannacry. It exploded in May 2017, infecting more than 230,000 computers around the globe, affecting organizations such as hospitals, banks, and other public utilities.
Today, Cybercrimes are growing and ransomware is the biggest business and is one of the most feared and pressing concerns of any organization. In the year 2020, when remote working was only the option for many organizations, the companies saw a massive surge in ransomware attacks that significantly impacted remote work and weakened security processes. Attackers were found targeting government organizations, private companies, educational institutions, healthcare providers, etc. And now, 2021 has seen a dramatic increase in this activity, with high-profile ransom attacks against critical infrastructure, private companies, and municipalities grabbing headlines on a daily basis.
Ransomware can cause a tremendous impact in an organization including:
- Loss or destruction of crucial information
- Business downtime
- Productivity loss
- Business disruption in the post-attack period
- Damage of hostage systems, data, and files
- Loss of reputation of the victimized company
In the first half of 2021, 121 ransomware incidents have been reported and the average ransomware payment in 2021 increased by 82%. The worst ransomware attack in the past shows that every business needs to protect itself. While it is almost impossible to eliminate all risks of ransomware, there are a few things one can do to make the network a less desirable target. Usually, attackers are looking for high-value targets with easy-to-exploit vulnerabilities.
To stop the ransomware pandemic, we must start with the basics like, back up your system locally on a regular basis, restrict permissions, keep your systems and software regularly updated, and last but not least click on unknown links. As Ransomware continues to become more and more widespread, it is critical for CISOs to follow best practices to counter ransomware risk and avoid huge losses. There are a number of steps that companies can take to reduce the risk of a ransom attack. These includes:
- The most effective way to handle ransomware attacks is to use the 3-2-1 backup rule: keep at least three separate versions of data on two different storage types with at least one offsite.
- Train your employees on how to recognize phishing attacks as well as best practices such as not opening attachments or links in emails from unknown senders, checking link URLs, and never clicking pop-up windows.
- Use an intrusion detection system to cut off ransomware attacks in their early stages using continuous monitoring to detect signs of anomalous or malicious activity in real-time.
- Use robust access management to restrict unwarranted access and reduce the number of access points through which malware can enter your organization.
- Reduce the vulnerabilities in your operating systems, browsers, and other applications by regularly updating them.
Preventing a ransomware attack is possible, all one needs is a robust file system monitoring, alerting, and response solution in place. Businesses should consider implementing advanced ransomware protection as these solutions are equipped to block, mitigate, and alleviate cyber threats with technology that combines cybersecurity with data protection across all of today’s complex IT environments.
The above article is authored by Adrian Johnson, Director Technology of TechnoBind.
