Ransomware works primarily by encrypting files on the victim's infected system, rendering them inaccessible to the user. The attacker then demands a ransom, which is usually paid in cryptocurrencies such as Bitcoin.
A recent survey by Zscaler shows that there has been a huge increase in ransomware activity, and this year is projected to be a record year for ransom payments.
Ransomware typically affects organizations that rely on immediate access to critical data, such as hospitals and municipal agencies.
Why the rise in ransomware activities?
This increase is largely attributed to a strategy known as “big game hunting,” in which cybercriminals target fewer but more important entities and extract much larger sums than before. The largest ransom ever recorded is a staggering $75 million payment made to a ransomware group called Dark Angels by a Fortune 50 company.
Victims of ransomware attacks are often faced with the difficult decision of paying the ransom to regain access or risk losing data permanently. If the ransom is not paid, attackers may threaten to destroy or publicly leak sensitive data. While paying a ransom may seem like the quickest way to recover data, it is generally not recommended because it perpetuates the cycle of cybercrime.
Many organizations choose to negotiate with attackers through third-party incident response or cyber insurance companies, often using cryptocurrency for payments. However, paying does not guarantee recovery and there is always the risk of future attacks or data exposure.
Moreover, the normalization of ransom payments leads to an exponential increase in ransom demands. Last year, most attackers demanded less than $200,000, but by June this year, the average ransom demand had increased to approximately $1.5 million.
Refusing to pay a ransom sends a message against the profitability of cybercrime. However, organizations must be prepared for the potential consequences, including the possibility of data leaks. Experts recommend contacting cybersecurity professionals to assess the situation and determine the best way to proceed, including evaluating backup options and the potential impact of data exposure.
“Ransomware has recently emerged as the biggest cyber threat to organizations. It continues to spread and target a variety of businesses, from hospitals to oil pipelines, to take advantage of the fear of business disruption and data loss,” said Vakaris Noreika, Chief Product Officer at NordStellar. “Whether or not to pay a ransom is the most difficult question that businesses affected by cyber extortion must answer when faced with the prospect of permanently losing access to their information.”
“Companies that agree to pay a ransom should not be blamed as victims, as they must have gone through a huge moral dilemma, and giving in to threat actors must have been the last resort to restore their business and protect their customers’ reputation,” Vakaris Noreika added.
However, organizations can mitigate ransomware attacks by implementing several cybersecurity measures.
One of the most fundamental steps is to use antivirus software and firewalls to protect all devices and networks in the organization. This helps prevent malware infections that can lead to ransomware attacks.
Additionally, it is critical to keep all systems up to date with the latest software patches and updates, as cybercriminals often exploit known vulnerabilities in outdated software. Employee training is another critical component of a comprehensive ransomware defense strategy. By training staff on how to recognize and avoid phishing attempts, organizations can significantly reduce the risk of unauthorized access to their systems and networks.
Regular backups of important data are also essential to ensure that organizations can restore their systems and data in the event of an attack. Encryption is another powerful tool in the fight against ransomware. By encrypting sensitive information, organizations can protect their data from unauthorized access, even if it is stolen during an attack.
Finally, in the unfortunate event of a ransomware attack, organizations should cooperate with law enforcement and cybersecurity experts. By reporting the incident and sharing information, organizations can help law enforcement track and prosecute the perpetrators, while also receiving guidance on how to mitigate the damage and prevent future attacks.