Ransomware is an increasing risk to businesses around the world. This Touchstone Security guide will explain what ransomware is, and why the rise of Ransomware as a Service is putting many organizations increasingly at risk. This isn’t due to some new variant of code that is particularly damaging. Instead it’s due to the fact that Ransomware is now much more accessible than it ever has been before.
What is Ransomware?
Ransomware is a type of malicious software, or malware, that encrypts a victim’s files. It locks them out of their vital data until a ransom is paid to the hacker. Unfortunately, sometimes even after the ransom is paid, the hacker will not release the encrypted files. For this reason, the FBI recommends against paying ransoms. Ransomware can cause costly disruptions to an organization, resulting in loss of sensitive files and customer data.
Even worse, victims will often have no idea they have been compromised by a ransomware attack until it’s too late and they can no longer access their data or see pop-up messages demanding a ransom payment. Ransomware is often distributed through email attachments or links. Hackers use ransomware to exploit unsuspecting users or networks with unpatched, insecure devices storing sensitive information. Any business or user can become a target for ransomware. However, organizations that store sensitive data like municipal governments and healthcare organizations are often targets. When impacted by ransomware, an organization has two choices:
1. Pay the ransom (either out of pocket or through cyber insurance) and hope you get your files back.
2. Don’t pay the ransom, and try to restore your data from secure back-ups.
One of the most infamous examples of ransomware is the WannaCry ransomware attack of 2017. WannaCry ransomware infected computers all over the world by targeting users running Windows operating systems. The malware then encrypted the data on these devices and demanded ransom payments in the form of Bitcoin. Microsoft had previously released patches to combat the vulnerability that WannaCry ransomware exploited to gain access to their systems; however, many users neglect to patch their devices regularly.
Interestingly, WannaCry targeted a vulnerability that had already been fixed by Windows. The reason that so many computers were infected was due to lax patching rather than vendor incompetence. WannaCry ransomware was distributed to devices in over 150 countries in just a matter of hours. National Health Service hospitals in the U.K. were compromised by WannaCry and taken offline, causing over 113 million dollars in damage and resulting in over 19,000 patients’ appointments being canceled. The NHS was criticized for using outdated I.T. and security systems along with Windows operating systems that were past their end-of-life stage.
Why Do Attackers Distribute Ransomware?
Ransomware has become incredibly profitable for cybercriminals. As of 2020, experts estimate ransomware costs the U.S. over $7.5 billion. This included 113 governments and agencies, 764 healthcare providers, and up to 1,233 individual schools affected by ransomware in the U.S. Cities including Baltimore and New Orleans were hit particularly hard in 2019. Baltimore was forced to pay $18 million in recovery costs. The previous year, Atlanta spent about $17 million in total recovering from a similar attack after refusing to pay.
Some cities affected by ransomware in 2019 chose to pay the ransom, and some cities decided to rely on their cyber insurance to cover the damages. However, most cyber insurance companies will not tell you that your rates will go up dramatically after a claim.
What is Ransomware as a Service?
Like any IT product, ransomware has become commoditized as well with the rise of Ransomware as a Service (RaaS). RaaS allows attackers who may lack the technical expertise to design custom ransomware to attack organizations or individuals in order to solicit payments. By commoditizing and selling Ransomware as a Service, attackers can ensure they are always paid whether the victims pay or not.
Those who leverage Ransomware as a Service get the benefit of being able to easily deploy highly-damaging ransomware without a large degree of technical knowledge. Unfortunately, this trend has further accelerated the rise of ransomware and the damage it causes businesses. All an attacker has to do is choose their targets and find a method of distribution to cause damage across a wide array of industries.
How Can You Prevent Yourself from Becoming a Victim of Ransomware as a Service?
Protecting yourself against Ransomware as a Service is essentially the same as protecting yourself against ransomware attacks more broadly. While Ransomware as a Service enables a new host of threat actors to launch attacks against businesses, it doesn’t enable them to increase their chances of bypassing an effective cybersecurity program. Here are a few basic steps you can take to protect yourself against Ransomware as a Service.
User Security Training
End-User Security training involves providing regular live and online training sessions to your company’s employees. These training sessions should include lessons regarding common cyber attacks and methods of distribution. Particular focus should be paid to training users on how they can prevent phishing emails.
Advanced Endpoint Protection
The truth is, antivirus just doesn’t cut it anymore. Your organization should be employing advanced endpoint protection to significantly reduce your risk of suffering a substantial security incident. Advanced Endpoint Protection monitors laptops, servers, and desktops in real-time to detect malicious code. It will then either block the malicious code or alert your security team.
Clear Policies and Procedures
Your organization should have crystal clear security policies and procedures. Many organizations make the mistake of thinking that these are a waste of time or “useless paperwork”. They are quite the opposite. Policies and procedures provide your company critical guidance in the event of a data breach or a ransomware attack.
Routine Vulnerability Patching
Make sure to keep your software patched. In many cases, Ransomware as a Service operators rely on unpatched servers or endpoints in order to infect a company. Software vendors provide routine patches that mitigate vulnerabilities and can help keep your organization significantly safer. Make sure to communicate with your sysadmin to ensure you are keeping up with best practices for patching.
Find out more steps you can take with our Small Business Cybersecurity Guide. If you would like to build a proactive cybersecurity program, Touchstone Security can help. Our staff has helped many organizations ranging from small businesses to Fortune 100 companies build effective security solutions that can reduce the risk of suffering from a ransomware attack. Request a call with us using the link below.