Cyberattacks can cost businesses and other targets untold damages by knocking services offline, vandalizing webpages, or breaching confidential user or other proprietary data. But while the financial cost to victims of these attacks can be vast, the attackers themselves don’t necessarily benefit from it. Unless, that is, they can find some way of monetizing an attack.
That is the implicit promise (and threat) of ransomware attacks. These attacks act as a modern day extortion racket: threatening targets with hacker-induced damage unless they agree to pay a ransom. In some instances, cybercriminals threaten to unleash the likes of a DDoS (Distributed Denial of Service) attack unless victims preemptively pay up to stop this from happening.
However, by far the most common ransomware attack involves malicious software that encrypts a user’s systems or files and only unlocks them again if the target pays for a decryption key that restores access to their information. Hackers will sometimes increase the ransomware demand at regular intervals, “encouraging” targets to pay as quickly as possible. If they do not pay by a certain date, they can lose access to their systems and files permanently.
Ransom demands are usually made in bitcoin or some other cryptocurrency, making it difficult to trace the criminals. Those without the proper protective measures, such as Role-based access control (RBAC) tools, can be left in serious trouble.
Ransomware attacks are becoming increasingly common
The first ransomware attacks took place decades ago. Since then, they have grown more commonplace and sophisticated. Today’s ransomware attacks are most commonly spread via malicious email attachments, downloads, or popups. Once files are downloaded and installed they will quickly spread throughout systems, encrypting files. In 2019, an estimated 187.9 million ransomware attacks took place worldwide. According to cyber-insurance experts, a massive 41 percent of North American insurance claims made in the first half of 2020 were ransomware-related. The sudden spike likely relates to large numbers of people working remotely due to the coronavirus pandemic. This has meant more reliance on remote access to files and systems, which has opened up new disruption opportunities for hackers.
There are many costs to an organization associated with ransomware attacks. The most obvious is the unasked-for downtime on the part of victims. If users aren’t able to access their files and systems, they are unable to get work done. Depending on what these files and systems are, the results could be anything from extremely frustrating to, in the case of critical files and systems for a hospital, life-threatening.
The calculus on the part of cyberattackers is that the money such an attack could cost in the long run is more than the amount of money they are demanding. Victims may therefore agree to pay to decrypt their files because it is the least bad of the two options.
The one thing worse than being unable to access your files
But inconvenience isn’t the only possible effect of ransomware attacks. Another spin on ransomware attacks involves not just encrypting user files, but also copying them to attackers. This snooping and copying is carried out prior to the encryption process, often when the ransomware attackers are determining which information to encrypt.
In these cases, if targets do not pay a ransom, attackers can sell — or leak for free — the stolen data. Companies targeted do not simply risk downtime from an attack, they could also see anything from customer information to confidential business information published online. This may be even worse than having their files encrypted. Not only can it reveal trade secrets and erode customer trust, but it can also result in additional fines if it is determined that companies have not properly safeguarded customer data.
There are certain proactive steps companies and other organizations can take to protect themselves against ransomware threats. Making frequent backups of critical files is a way of ensuring that losing access is not the disaster that it would otherwise be (although this will not protect you against the risk of having this information stolen.) Since some ransomware attacks may also be initiated by taking advantage of system or software vulnerabilities, it’s also important to make sure software is updated and patched regularly to protect against discovered bugs and security flaws.
Limit access wherever possible
One of the smartest anti-ransomware measures you can take involves employing strong access controls to limit attacker access. Ransomware can spread to critical systems once installed on a user’s computer, even if the files are not ones that the individual user is necessarily responsible for. (Think high level critical files when the person who downloaded the ransomware malware may only be a junior admin employee.) Particularly when an organization has many users or employees with system access, the risk of ransomware attacks is increased (due to the number of users), while the potential damage can be greater (due to the ability to quickly spread through a multi-person system or network).
By using Role-based access control (RBAC) tools, you can protect against this by granting specific access controls to employees or users that specify the files and areas they are able to access, modify, and read. Doing this can help protect sensitive data, while making sure that employees only get access to the information they need in order to carry out their jobs.
Left unchecked, ransomware attacks can be extremely nasty for organizations to deal with. However, by taking the right steps you can protect yourself against the worst case scenario. It’s one of the smartest cybersecurity steps you can take.
