Ransomware is a form of malicious software (malware) that steals sensitive information and locks up devices until a fee is paid, usually by the victim. Hackers typically use “ransomware” as a way to extort payment from people and companies. Ransomware typically arrives as an e-mail attachment, often disguised as a legitimate file that infects an entire computer network. From there, it can do anything from changing an admin password to locking the computer’s files, preventing access to email, and disabling business applications. That can happen right after a ransomware attack, or any time a user inadvertently downloads an attachment that contains a malware file. It’s important to look for the use of a command in the ransom note as well as the encryption method.
How is ransomware infecting businesses? Ransomware is built on the same technique as a typical computer virus: It infects a vulnerable computer system and encrypts all its data files, making them unreadable until the victim pays a ransom. The bad guys demand a small sum of money to restore access to the data and most victims can’t afford to pay up. Why is ransomware on the rise? While the number of ransomware attacks is lower than the number of malware infections overall, as in the other areas of cybersecurity, ransomware is a much more effective business threat than many people may realize, the report states. “A ransomware infection can lead to lost productivity and possibly even the permanent loss of a company’s revenue,” Fortinet said.
Fortinet recommends the following steps for organizations to protect against ransomware attacks: 1. Manage vulnerabilities: Learn how to patch software and applications to avoid the propagation of vulnerabilities that ransomware typically uses. 2. Use enhanced firewalls: Antivirus software and firewall settings can be adjusted to block malware, prevent automated execution, block access to malicious URLs and data, and collect network intelligence. 3. Implement dual authentication: Implement a two-step authentication process, where users receive a second code from a device or app before accessing sensitive data. 4.
Fortinet’s Derek Manky discusses the report and the threats posed by ransomware and how businesses can combat them. Related: How to Implement a Ransomware Prevention Plan (TechRepublic) What’s the rationale behind that? What was surprising about this study is that it found the majority of organizations worldwide are pretty much being attacked all the time—either at least once or potentially multiple times, with about one in five having been hit multiple times. So why does ransomware keep getting a bigger piece of the pie? Why isn’t it a smaller percentage? Ransomware has evolved in sophistication and effectiveness to the point where many organizations just pay up. One of the reasons is there are a lot of them out there.
(Press release) Global enterprises are not taking the right steps to protect against ransomware, and they’re doing so at their own peril, according to new research from Fortinet, a global leader in cybersecurity solutions. According to Fortinet’s Global State of Ransomware Report 2021 (PDF), released last week, two-thirds of organizations suffered at least one ransomware attack, while half were hit multiple times, and 16 percent have been hit three or more times. The latest report builds upon Fortinet’s inaugural survey of cybersecurity professionals in the U.S., in which nearly two-thirds of respondents were the victim of ransomware.
Close to half, or 49 percent, of those surveyed say they develop policies and procedures to deal with sensitive data, while 34 percent say they don’t. More than a third, or 38 percent, of those organizations aren’t familiar with how well they comply with General Data Protection Regulation (GDPR), while another 23 percent are not sure. “There is definitely a disconnect between perception and reality when it comes to companies’ understanding of their exposure to data breaches,” said Derek Manky, senior director, Security Products, Fortinet. “It’s clear that many companies are not prepared to deal with a ransomware attack. Our findings show that the number one issue organizations face when it comes to ransomware is not knowing how often it happens or where it is happening in their company.
It’s clear that not all organizations are immune from ransomware attacks, and you can learn from what they’re doing right and wrong. The infographic below gives a nice overview of some of the top things they should pay attention to, and warns of a few key points to watch for as well. Watch for Your Servers to Get Infested In many ransomware attacks, the infection begins with the infected computer connecting to a hidden email address. In the case of the Internal Crypto Ransomware attack in the U.S. last year, the infection began when a hacker compromised a computer in a company’s IT department and used that machine to send spam with a malware attachment. The infection spread as soon as the attachment was opened, allowing the hacker to upload the ransomware to other devices.
The report was conducted on behalf of Fortinet by Market Share Analytics, and polled 600 C-level and IT decision makers in North America, Europe, Latin America, and Asia-Pacific. It covers industries, including automotive, oil and gas, health care, manufacturing, retail, and utilities. Fortinet warns that many organizations simply haven’t taken the necessary steps to prepare themselves against a ransomware attack. “To prepare for a ransomware attack, there are five simple steps: back up your data,” it advises. “Back up data from one system to another in case a ransomware attack destroys or locks down the primary system. Then, restore that backup once your organization is confident its data is safe.
The stats show that most organizations are well protected from ransomware attacks. That’s partly because the average ransom demand is $1,149.97, which the report’s author believes is too low given how difficult it is to decrypt the files. Ransomware has become a significant security risk over the last few years, with many businesses becoming a victim of the ransomware attacks, usually, “unlucky” ones who are infected accidentally by a user of an infected employee’s personal laptop. Malware is not new to the world of cyber threats. The Internet Crime Complaint Center (IC3) estimated that cybercriminals made $1.7 billion in 2016 from ransomware alone, with victims typically being businesses.
If you aren’t actively taking measures to protect against ransomware in your business, the threat is real and now a risk that needs to be addressed. As you evaluate your cybersecurity program, focus on the top three steps: Develop an employee cybersecurity training program that focuses on the four W's — What, Where, When, Why. Facilitate employee education regarding malware, phishing and social engineering. Regularly scan systems for threats and include external resources in employee training programs. In addition, here are a few additional things you can do to prepare your business and your employees: Audit your internal business systems for unauthorized access and point-of-sale data loss incidents, such as the card breaches that have impacted retailers in recent years.
“Organizations that have recently been hit with ransomware attacks continue to suffer the consequences,” said Bill Cordes, senior vice president and general manager of enterprise security solutions, Fortinet. “They could have prepared, but they didn’t, and now they are paying the price. To avoid the consequences, it’s imperative to understand the actions that can help prevent a ransomware attack, because doing so can help decrease their severity and likelihood. Organizations can’t address the ransomware problem without an understanding of the threat, how it works, who’s likely to be impacted and how best to protect themselves. This report from Fortinet offers a wealth of information on that topic.