The Rising Cost Of Malware
In today’s ever-evolving and tech-savvy world, cyber threats are an unavoidable reality. Cybercrime affects businesses regardless of their size, business focus, or cybersecurity budget. These threats are frequently complex as cybercriminals deploy new and advanced tactics to exploit business networks for monetary gain.
One of the common and damaging ways cybercriminals target businesses is via ransomware attacks, which are among the most expensive cyber threats organizations encounter. In fact, sources mention that by the first quarter of 2020, the average enterprise ransom payment was $111,605.
The extent of ransomware attacks against commercial entities has grown significantly. Emsisoft, a security firm that assists companies hit by ransomware, reports that ransomware attacks hit 205,280 organizations in 2019, a 41% increase from 2018. And while many organizations understand the significance of preparing for attacks such as these, few understand the mechanics of ransomware attacks and the true extent of the destruction they can cause. According to Emsisoft assessments, nearly half a million ransomware infections were recorded globally last year, costing organizations at least $6.3bn in ransom demands alone.
With the average ransom demand around $84,000 and approximately a third of firms paying up, Emsisoft calculated minimum global costs at $6.3bn and a higher figure at $25bn. Similarly, according to a recent report from Coveware, the average price more than doubled in the final quarter of 2019: the typical total now stands at $84,116, a little over double the earlier figure of $41,198.
It’s not just the result of cybercriminals demanding steeper ransoms, though that’s absolutely one factor. Others include hardware replacement and repair costs, lost earnings, and, in some incidents, damage to the victim’s brand. These costs all increase markedly with the sophistication and scope of the attack.
There’s a new risk associated with ransomware infection that could make recovery even more costly. Cybercriminals are no longer content to encrypt their victims’ data and demand payment for its decryption. They are now downloading copies of those files and threatening to release them publicly if the ransom isn’t paid. Coveware notes that “this new complication brings forth the possible costs of 3rd party claims as a result of the data breach.”
Examples of some high-profile ransomware attacks
A steadily expanding list of victimized companies has reported that the other costs connected with an attack (downtime, missed sales opportunities, angry clients, the cost of attack mitigation and recovery, damage to company brand reputation, fines for unmet contractual obligations to customers, and penalties for non-compliance) make the cost of the ransom look small.
Here are just a few instances:
The United Kingdom’s National Health Service (NHS): The worldwide WannaCry attack, which affected over 200,000 computers in over 150 countries, brought hundreds of NHS facilities to a halt for several days, resulting in the cancellation of thousands of operations and appointments and the frantic relocation of emergency patients from stricken emergency centers;
Erie County Medical Center (New York, USA), which lost access to 6000 computers, requiring six weeks of manual operations and a recovery process that eventually cost US$10M;
Danish transportation and logistics behemoth Maersk suffered $300M of business interruption due to a ransomware attack. The downtime forced a 20% decrease in its shipping volume when it had to fall back to manual operations during the restoration effort, which required Maersk to re-install 45,000 PCs, 4000 servers, and 2500 applications over ten days.
More alarming facts about ransomware’s hidden costs
Industry researchers have reported some alarming facts and statistics about the cost and frequency of ransomware attacks:
According to the Tech Transformers, ransomware strikes cost smaller companies an average of $713,000 per incident, a combination of the cost of downtime and lost business due to reputational harm;
Retrieving files from backup and restoring encrypted systems is often easier said than done. According to Intermedia Research, almost three out of four companies infected with ransomware suffer two days or more without access to their files. About 30% go five days or longer without access. The recent ransomware attack on the City of Atlanta (Georgia, USA) left it unable to access its systems after nearly two weeks;
Ransomware is predicted to attack one business every 14 seconds by the end of 2019, up from every 40 seconds in 2018. As per other statistics, 71% of companies targeted by ransomware attacks have been infected, and half of the successful ransomware attacks infect at least 20 computers in the business.
How ransomware became a malware plague
The accelerated growth of this category of malware is essentially attributable to its evolution from a one-time cottage industry into a contemporary, criminal version of the software-as-a-service business. Ransomware gangs mimicked the model of tech vendors like Salesforce.com, constantly and rapidly developing and enhancing their product. To bring that product into the marketplace, they rely on a network of Internet-based “distributors”: lower-level, comparatively unskilled criminals who push the malware onto as many machines as possible in return for a cut of the ransom.
These criminal front men use various techniques to propagate ransomware attacks, including sending out phishing emails with malicious web links or attachments and placing bogus online ads that lead users to fake websites that secretly download malware to anyone who visits them.
Meanwhile, the highly skilled back-end developers labor to produce new variants that can exploit operating system and application vulnerabilities, take advantage of careless end-users, and evade anti-virus software and other defenses designed by the IT security industry. They also build complicated distribution, monitoring, notification, and payment infrastructure, which they make available to their “distributors” without charge. All anyone needs to get into the ransomware distribution racket is moral flexibility, a browser, and an Internet connection to reach these easy-to-use tools, start spreading ransomware around, and begin extorting cash from victims. It’s called ransomware-as-a-service.
Fighting back against ransomware
In the face of this rapidly growing threat, businesses and public institutions can take strong steps to protect their systems from the operational interruptions and high costs of ransomware attacks. Step one is to start educating workers on the techniques that ransomware distributors use, directing them to be cautious about the online advertisements and email links they click, the websites they visit, and the attachments they open.
Good network and security hygiene standards remain important, such as segmenting networks to make it more difficult for ransomware to spread from system to system, keeping endpoint anti-malware software up to date, and patching identified vulnerabilities in operating systems and applications as quickly as feasible.
Airgap Defense: Airgap’s Zero Trust Isolation technology blocks all unauthorized lateral movement within the network.
Finally, given the high success rate of ransomware attacks, it is imperative to institute a rigorous backup regimen and keep multiple copies of critical business and patient data locally, offsite, and in the cloud. Routine, frequent backup remains the most foolproof defense against ransomware. If your systems are compromised, you can identify the attack’s onset and restore your systems from clean backups created before the incursion.
Airgap Defense: Airgap prevents any lateral scanning attempt. Under Zero Trust, if an intruder breaches the perimeter controls, exploits a misconfiguration, or bribes an insider, they will have extremely restricted access to sensitive data, and safety measures would be in place to identify and respond to suspicious data access before it becomes a threat.
To avoid becoming victims of the next widespread ransomware attack, businesses and public organizations will have to deploy the basic measures and consider deploying leading-edge technologies for ransomware defense.