The adage, "an ounce of prevention is worth a pound of cure" holds especially true in regard to malware infections and ransomware attacks, which have become one of the most significant cyber threats individuals and organizations face today.
Ransomware attacks are not a new issue, but are surging in popularity and gaining cybersecurity experts' attention due to their detrimental impacts. According to a report by Verizon, ransomware attacks increased dramatically in 2022 and accounted for 25% of breaches reported. Additionally, a 2022 Sophos report showed that ransomware affected 66% of organizations in 2021, a 66% increase from the prior year. Notably, these statistics are only as good as the data, and many compromises may go unreported.
VirusTotal released a report indicating that since 2020, over 130 ransomware strains have been detected, including familiar variants such as Wannacry, TeslaCrypt, CryptoWall, and others. Cybercriminals use various techniques to launch ransomware attacks, such as phishing emails, exploiting vulnerabilities, and social engineering with success.
While the number of variants and compromises continues to increase, individuals and organizations must maintain awareness of the latest ransomware trends and tactics, follow sound cybersecurity practices, and understand the basics behind malware and ransomware.
Malware and Ransomware 101
At a high level, ransomware can encrypt files on a user's or organization's systems and deliver the cryptographic keys to a threat actor. Malware authors often implement robust encryption algorithms that are mathematically unsolvable in a realistic timeframe. As a result, once the files are encrypted, they are rendered inaccessible without access to the decryption key, which the attacker holds for ransom.
The fallout from ransomware attacks can have lasting impacts, including the loss of intellectual property and financial or operational damage to the victims. In addition, these attacks can also cause significant downtime throughout the recovery process, resulting in lost productivity, revenue, and reputational damage. Some ransomware attacks have even resulted in the public release of sensitive information, leading to additional legal and regulatory consequences. While the cost of paying a ransom is easily measurable, these other damages are more difficult to account for, especially considering the long-term impacts.
Attack Prevention Advice
To prevent ransomware and malware attacks, the FBI recommends several best practices. First, end-users should be highly alert for email, phone, and other phishing attempts. Simple best practices, such as not opening attachments/links in unsolicited emails, can go a long way in mitigating phishing attempts. It is equally important to keep all software, operating systems, apps, and anti-malware solutions up to date. If an attacker delivers a malicious file to an endpoint, the success rate of further compromise falls off dramatically compared to one not running the latest versions.
Regular offsite or cloud backups are an effective strategy for minimizing the impacts of a ransomware infection. System administrators can recover crucial files and data with up-to-date and accurate backups, although it can be a time-intensive process. Additionally, contingency planning for business continuity and regular testing of disaster recovery plans can be beneficial in estimating the cost of recovery from a ransomware attack. However, backups are not foolproof, as some attackers resort to multi-extortion approaches. In these scenarios, the attackers threaten to leak sensitive data about the individual or organization if the ransom is unpaid.
Along with following best practices and due diligence, reporting any cyber-attacks can help law enforcement to track and disrupt criminal networks, and slow the propagation of similar incidents.
Ransomware attacks pose a significant threat to individuals and organizations alike. Monetary and intellectual gains fuel cybersecurity criminals in their efforts, and the threat landscape will continue to evolve accordingly. It is imperative to take proactive measures to prevent ransomware attacks, such as keeping systems up to date, regularly scanning for malware, and backing up data. By following these best practices, individuals and organizations can significantly reduce their risk of falling victim to ransomware attacks.