The State of Ransomware 2020
Ransomware attacks have been part of the cybersecurity landscape for some time. However, they have intensified, dominating the IT news headlines. Large, established organizations have been the victims of ransomware. To understand the severity of the issue, we’re breaking down the state of ransomware in 2020.
What Is Ransomware and How Does It Impact Data Accessibility?
Ransomware describes a cyber-attack wherein malware attacks a network. The attack causes organizations to be unable to access their data. Cybercriminals encrypt files from your systems and hold them for ransom, demanding money to release the files.
How do cybercriminals attack with ransomware as an objective? There are many ways, with most being malicious links or attachments sent via email, remote server attacks, public cloud misconfigurations, and third parties.
The Proliferation of Ransomware
Cybersecurity is critical for any business, no matter the size or industry. Cybercriminals are always looking for ways to attack, and many do it as a moneymaking venture. Hackers that cause breaches seek to sell the data on the dark web. Those employing malware to block data access count on companies being ready to pay a ransom.
In 2020, the rise of ransomware has been troubling, with many large enterprises as victims. Many contribute this to companies storing data in the public cloud. It’s easy to think that large companies have all the resources and tools to prevent such things, but that’s rarely the case. There are best practices to protect against ransomware that any organization should use, focusing on proactive prevention.
2020 Numbers and Key Findings
There are many studies and data sources relating to ransomware, and they all paint a less-than-ideal picture of the epidemic.
According to a report from Sophos, which surveyed 5,000 IT professionals in 26 countries, 51% of organizations were hit by ransomware in the last year. This is an actual decline from 2017; however, it’s not all good news. It’s really a change in tactic, going from “spray and pray” desktop attacks to server-based ones.
The impact of ransomware includes many consequences. First, there’s the cost of essentially being operationally frozen if you can’t access your data. You could be dealing with downtime losses, with employees and customers unable to function. The cost of this is real dollars and reputational ruin.
Some organizations do pay the ransom, approximately 26%, as per the Sophos study. Furthermore, the final average cost to remediate ransomware is $505,827 for companies with 100-1,000 employees and $981,140 for those with 1,000-5,000 employees. Those numbers don’t include paying the ransom. For those that do, the figure grows to $1,448,458.
Recent Ransomware Cases
There have been some high-profile ransomware cases in the past year.
City of Baltimore
The city of Baltimore suffered a RobinHood ransomware attack in May 2019. First, the Department of Public Works’ email service went down, then the Department of Transportation was unable to process vehicles. Eventually, hackers gained control of the city’s online infrastructure and submitted a ransom, asking for bitcoin, totaling around $76,000.
However, the city did not pay the ransom. The final cost was much greater, estimated at over $18 million, including remediation and revenue losses. The city defended its decision not to pay the ransom, citing they don’t “reward criminal behavior.”
In April 2020, Cognizant, a provider of IT services, confirmed it was the victim of the Maze ransomware. The attack caused the deletion of their internal directory and disrupted service to customers. By May, they announced the attack as contained but did not disclose if they paid a ransom. However, their Q2 2020 results revealed a revenue decline of 3.4%, which was at least, in part, attributable to the attack.
Travelex, a global foreign currency exchange service, experienced a ransomware attack at the end of 2019. They lost control of their data, crippling their operations. The company chose to pay the ransom of 285 bitcoins, worth about $2.3 million. It took weeks to get some systems back up and running. This incident and losses, coupled with the pandemic, forced the company into bankruptcy.
R1 RCM Inc.
A ransomware attack occurred at one of the U.S.’s largest medical debt collection agencies, R1 RCM Inc. KrebsOnSecurity reported the incident in August, attributing it to the malware Defray. The company would only comment that it took its systems down in response to an attack but did not provide any further details.
Protecting Against Ransomware
To protect against ransomware, start with the assumption that it will happen. Approach your cybersecurity risk plan with this in mind. In this plan, include these best practices:
- Invest wisely in anti-ransomware technology that works to halt unauthorized encryption; this is a safety net for post penetration that can stop it immediately.
- Devise a robust data security plan. Wherever you store data — public clouds, private clouds, hybrid, on-prem servers — you must follow protocol on keeping it secure, no matter where it sits.
- Make regular backups of everything and store it offsite. Should you face an attack, it’s only detrimental if your data is gone. Backups prevent this from happening and enable business continuity.
- Conduct regular penetration testing. With ethical hacking, you can best determine your defenses and where the weaknesses remain.
- Use a layered approach to cybersecurity. You need multiple defenses to thwart the action of cybercriminals. They’re always looking for your vulnerabilities. Know what they are before they do so you can strengthen any gaps.
- Educate your employees about cybersecurity. Most ransomware still starts from a link or attachment in an email. Make sure every staff member has training and that the training is ongoing.
Have Ransomware Concerns?
Our cybersecurity experts can help you develop a plan that gives you the best opportunity to prevent ransomware. Contact us today to learn about how we help keep businesses, their data, and infrastructure safe.