Ransomware continues to take the world by storm, becoming one of, if not the most prevalent attack methods implemented by malicious actors. Some key statistics around Ransomware include a worldwide cost of $20 billion in 2021, and potentially up to $265 billion by 2031. Ransomware has also impacted 37% of all businesses and organizations in 2021 and on average includes recovery costs of nearly $2 million.
For those unfamiliar, Ransomware is an attack where organizational data is encrypted and payment demanded for its decryption. It can occur through numerous methods, such as malicious files, links, system vulnerabilities, and more. It can be incredibly disruptive not just financially but also operationally. An attack can grind an organization’s operations to a halt.
While the rapid growth of Ransomware is daunting, guidance is available to deal with the problem. Many organizations, including NIST, CISA, FBI, and others, offer recommendations, tips, best practices, and other collateral to deal with Ransomware. Notably, the NIST provides very concise and actionable recommendations to prevent Ransomware as well as how to recover should you fall victim to it.
What’s more, the NIST offers fundamental cybersecurity best practices that many organizations should be following already, such as utilizing antivirus software, keeping systems patched, blocking access to known malicious sites, and more. However, there are also additional actions, such as minimizing the use of overly permissive access controls, which ironically enough aligns with the broader push for Zero Trust, and also educating users on their activities.
Since Ransomware often enters an organization through users’ activities such as clicking on malicious files or links from unknown sources, educating your workforce is a critical step to take on your journey to mitigating your Ransomware risk as well.
All of that said, incidents can and will happen and you need to be prepared to respond to them when they do occur. Organizations should develop an incident response and business continuity plan and actually test it, even going so far as to run cutover exercises, moving beyond hypothetical scenarios. Given that Ransomware targets data and its associated storage, organizations must have backup and restoration plans that they regularly test as well.
Many organizations both in the public and private sectors have adopted frameworks, such as NIST’s Cybersecurity Framework. NIST also produced a Ransomware profile as part of the CSF effort, which helps organizations both gauge their existing readiness against Ransomware attacks but also improvise to mitigate the risks and ultimately recover from it if necessary too.
From a high level, the focus should revolve around educating employees, hardening systems from vulnerabilities and exploitation, and being able to quickly detect and respond to infections if they occur.
There are also undeniable parallels between the guidance from NIST around Ransomware and that of CISA in their “Shields Up” campaign as well, which aims to help organizations prepare for and respond to cyberattacks if they occur. The reason for this similarity is that malicious actors often take the path of least resistance. That means taking advantage of fundamental cybersecurity oversights such as insecure systems, poor workforce cybersecurity practices, and often simple administrative system oversights.
If you’re looking for more information on Ransomware, how devastating it is, and how to prepare and respond to it, the “Stop Ransomware” page from CISA is among the best resources. It includes a Newsroom, Alerts, Fact Sheets, and Ransomware Guidance, including best practices.
With the dramatically increasing rates of Ransomware paralyzing organizations’ operations and wreaking financial havoc across the global economy, it is critical for organizations to pay attention to this guidance and prepare accordingly.
Want more cybersecurity insights? Visit the Cybersecurity channel:
