If there’s one cybercrime that gives cybersecurity professionals and C-Suites nightmares – it has to be ransomware.
But aren’t ransomware attacks on the decline?
According to some reports: yes.
In 2019, 51% of organizations were hit by ransomware, and cyber criminals successfully encrypted the data in 73% of attacks. In 2020, the number of victims fell to 37%, and cybercriminals encrypted the data of only 54% of companies.
But despite such apparent good news, ransomware remains a serious cybersecurity problem. Here’s why.
Why Ransomware is a Serious Cyberthreat
Even though the number of ransomware victims fell from 2019 to 2020, organizations cannot afford to lower their guard. One reason is that individual attacks are becoming more costly. According to Forbes, in 2019, an attacked company spent $761,000 on remediation. This figure more than doubled to $1.85 million in 2020.
Lost revenues is another big problem, as UHS discovered in September 2020 when it lost revenues of $67 million following a ransomware attack.
Attackers are also demanding higher payouts. Between Q1 2020 and Q2 2020, the average ransom demand jumped 47%, from $230,000 to $338,669. Payouts also increased from around $80,000 in Q4 2019 to over $230,000 in Q3 2020. In H1 2021, the average payment climbed even further to a record $570,000.
Next, cybercriminals now target larger and more lucrative organizations. For example, in 2021, CNA Financial and JBS reportedly paid ransoms of $40 million and $11 million, respectively.
And now, ransomware is also causing human deaths.
Ransomware and the Grim Reaper
In September 2020, a clinic in Germany was hit by ransomware that crippled its critical healthcare systems. Following the attack, the death of a patient seeking emergency treatment was widely reported in the news. Although it was later established that she died of other causes, many believe that the attack indirectly contributed to her death. It’s already clear that ransomware attacks can be financially crippling for affected organizations. But this incident showed that they could also be deadly.
Earlier in 2019, a U.S. hospital was paralyzed by a ransomware attack, which eventually resulted in the death of a baby born during the attack. The attack compromised the hospital’s heart rate monitors, due to which the medical staff did not get the critical alerts that would have prompted them to take appropriate life-saving action. As a result, the baby suffered severe brain damage and eventually died nine months later. This disturbing event again shows that the cost of ransomware attacks goes beyond the financial to human.
The Future of Ransomware
In June 2021, Colonial Pipeline, the largest fuel pipeline in the U.S., was hit by a ransomware attack. Only one day later, the company paid a $4.4 million ransom in cryptocurrencies to the attackers. Eventually, U.S. law enforcement recovered $2.3 million of this amount, enabling Colonial Pipeline to contain the financial fallout of the attack.
However, not all attacked organizations are – or will be – able to mitigate the financial damage like Colonial Pipeline. Moreover, ransomware will remain a serious threat vector, particularly in industries relying on critical infrastructure, and for organizations that attackers consider more “lucrative,” such as:
- Energy companies
- Public transport providers
Even so, all organizations must guard against the risk of ransomware.
Staying Ahead of the Bad Guys
Attacked companies should not pay the ransom because payment does not guarantee that they’ll get their data back (even if they think otherwise). Proof: In 2021, 32% of organizations paid a ransom, but only 8% got all their data back.
In general, organizations can reduce their vulnerability to ransomware attacks by:
- Installing updated security software: anti-malware, antivirus and firewall
- Patching and updating all software
- Taking regular data backups
- Installing Endpoint Detection and Response (EDR) security software
- Educating users on ransomware threat vectors, including phishing and social engineering
Penetration testing and compromise assessments are two of the most effective ways to prevent ransomware attacks. A pen tester would proactively search for ransomware in the organization’s infrastructure and provide recommendations to help shore up its defences.
Between 2019 and 2020, global damages due to ransomware jumped from $11.5 billion to $20 billion. But you can protect your organization from attacks with penetration testing. Contact the Packetlabs team to learn more about pen testing or ask for a free quote.