In 2021, there was a significant increase in the use of ransomware against organizations in the United States, the United Kingdom, and Australia.
Ransomware is malware that encrypts users’ data and grants network access to threat actors. Once they have access to an organization’s data, they threaten to leak sensitive information and halt business operations until the victim pays a ransom, hence the name.
Unfortunately, paying the ransom does not guarantee that the threat actor will decrypt your files or keep your data secure. In fact, the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) does not recommend paying ransoms at all, since the more profitable ransomware is, the more common and complex it could become.
Instead, CISA – alongside the United Kingdom’s National Cyber Security Centre (NCSC-UK) and the Australian Cyber Security Centre (ACSC) – has specific recommendations for how to prevent ransomware attacks and minimize their impact.
The increase in ransomware attacks can be attributed to the COVID-19 pandemic in more ways than one: First, the use of cloud networks by businesses, government bodies, and schools has made sensitive information and critical infrastructure accessible to bad actors on the web. Second, the pandemic has lowered the income of many households as lockdowns and supply-chain issues have persisted, making online illicit activities – like the use of ransomware – a more accessible way of earning money.
As ransomware has become more profitable and accessible, ransomware enterprises have become more complex. There are now entire organizations with customer support services that walk victims through the process of paying the ransom and decrypting their files.
These enterprises have increased their profitability by selling stolen data to other scam artists. That means that once a victim’s data has been stolen, multiple criminal organizations could use it to threaten and extort them.
The most common strategy threat actors employ is phishing. Phishing is a fear tactic in which cyber criminals pose as a legitimate entity – such as the IRS, law enforcement, or antimalware software – and contact individuals to inform them of a problem – say, an issue with their most recent tax filing, an arrest warrant, or, most ironically, a security breach in their network.
To address the supposed problem, the message tells users to click on a link, which then downloads ransomware onto the user’s computer, giving the threat actor access to their data and network.
Here are the measures that CISA, ACSC, and NCSC-UK recommend an organization take to prevent ransomware attacks:
Most importantly, they recommend not paying the ransom, since that would encourage cybercriminals to continue using ransomware to extort money.
Should ransomware breach your organization’s network, it is important to act fast and follow these best practices:
While ransomware has become more commonplace in the era of working from home, your organization can take steps to prevent and recover from attacks. By quickly responding to security breaches and reporting them, you minimize both their impact on your organization and the likelihood that they will strike again.