So, What’s the Big Deal About Ransomware?

Jul 20, 2021 | Security

Thanks to the recent Colonial Pipeline and JBS cyberattacks (and their subsequent impacts), you’re probably encountering the term ransomware more than you used to and it’s not hard to see why – the number of successful ransomware attacks is rising dramatically. The bad actors watch the same news you do. And they are exploiting a variety of social, economic, and psychological weaknesses exacerbated by civil unrest, porous cybersecurity postures, and the COVID pandemic. Comprehending these vulnerabilities is essential to your livelihood because here’s the truth – if you own a computer, you are potential prey. Now, more than ever, is an ideal opportunity to take a closer look ransomware and what we can do to defend against it.

What Is Ransomware?

Before learning how to fight ransomware we need to know what it is. According to the Cybersecurity and Infrastructure Security Agency (CISA),“ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.” It is a specific type of malware or malicious software that is used to extort money from victims by holding their information hostage in exchange for payment, usually in cryptocurrency. After successful encryption, malicious actors will either threaten to delete the data on the machines or sell exfiltrated data if their demand for payment (usually in cryptocurrency) isn’t paid. Effectively, your data is taken hostage.

What Dangers Does Ransomware Pose?

Let’s look at some of the devastating side effects of a successful ransomware attack.

Loss/leak of corporate and client data

If the bad guys have enough of a toehold in your systems to lock it down, there’s no telling how much information they have already stolen. And even if you pay the ransom, there’s no guarantee you’ll gain access to the data again. According to some studies, only 8% of the corporations who paid the ransoms got all their data returned.

Damage to company reputation

Getting breached is never a good look for a company, but not knowing exactly what was exfiltrated and sold makes the optics even worse. Plus, if the company provides essential goods like Colonial or JBS, the commodities will rise in price – which consumers won’t appreciate.

Financial loss

As of April of this year, the average ransom payment is little over $170,000. The current average cost for a full remediation is close to $2,000,000.

Complete shutdown of business operations

If you don’t have the encryption key, you won’t have access to anything until decryption or new systems or prepped.

Total business collapse

The remediation and ransom costs in addition to lost revenue might be enough to sink your company.

How Can You Defend Your Business Against Ransomware?

With potentially company-ending consequences on the line, how do you defend against those wishing to do harm to your company? Let’s look at just a few ways to shield yourself.

Invest in cybersecurity training

Know how the bad guys work. Learn the vulnerabilities they exploit. And embrace a company-wide, security-first mindset.

Assume breach mentality

Conduct every day like someone is already in your systems. This will help curtail bad security habits and keep you prepared for an eventuality that might never surface. But it’s better to be prepared!

Protect your emails with a filter

Bad actors routinely find ways to be invited in to wreak havoc via absent-minded clicks on “innocuous” attachments. Keep your inboxes locked down as much as possible to avoid a foothold.

Craft a remediation plan

Fortune favors the prepared, right? Cybersecurity is no different. Have a definitive response and recovery strategy. If the worst occurs, you’ll be ready to get your operations up and running as quickly as possible.

Back up your backed up backups (offline if possible)

Backup. Backup again. Then backup some more. Did we mention backing up? Be sure you have a copy of all of your essential data and keep it offline, offsite and encrypted if possible.

Keep your software patched and up-to-date

Everything from browsers to line of business applications can prove devastating attack vectors if not properly serviced. Be sure to pay close attention to new software releases, as well as reports on the latest zero-day vulnerabilities for all the apps your business utilizes.

Axxys Can Help You!

And you don’t have do any of this alone. Consider making Axxys a partner. Our personable and professional staff will provide cutting-edge cybersecurity training, monitor your network for potential threats, patch and secure your digital assets, help you develop remediation options, and make sure your data is backed up thoroughly. So when the bad actors want to take your data hostage, they’ll have to get through us and our processes first.

Additional Resources:

Recent Posts

The Acronym Soup of Endpoint Security – AV/NGAV/EDR/MDR

The Acronym Soup of Endpoint Security – AV/NGAV/EDR/MDR

Do you ever miss the stories that started “back in my day”? I used to spend weekends at my grandpa’s house helping with chores like mowing the yard or running around the chicken coups. We’d watch black and white western shows on television and then he’d tell me about...

What is and why you need a SIEM/SOC

What is and why you need a SIEM/SOC

Everyday, countless businesses are targeted for attack by malicious hackers. It’s no longer a matter of if. This was highlighted by an experiment run by Sophos, a data security company. Sophos sought to identify how quickly attackers would be able to identify a...

The Modern Digital Warzone

The Modern Digital Warzone

Cybersecurity often shares many comparisons to military and borrows many concepts and terminology from the forces. For example, the Lockheed Martin Cyber Kill Chain is borrowed from a military concept related to the structure of an attack consisting of target...

Do You Secure Your Lawn?

Do You Secure Your Lawn?

Do you secure your lawn? No, I don’t mean from the likes of “Dennis the Menace”, and hopefully you’ve never uttered the phrase “you darn kids get off my lawn!” But believe it or not, there are some similarities between caring for your lawn and cybersecurity....