While a relatively older form of cyber attack, ransomware remains one of the most widespread and effective types of attacks that businesses face. In 2023, ransomware looms larger than ever, with the frequency of attacks steadily increasing and taking on a more personal dimension.
Ransomware is malware that restricts you from accessing your device and important data by encrypting your files. This can result in your device becoming locked, or your data being stolen, deleted, or encrypted. When this happens, the hackers responsible for the attack typically demand a ransom in the form of a cryptocurrency, such as Bitcoin, in exchange for providing you with a decryption code that will grant you access to your stolen data.
The effectiveness of ransomware lies in its ability to rapidly cripple an organisation’s operations. As per insights from Veeam’s 2023 global report, ransomware attacks have increased by more than 12% over the previous year, with 76% of organisations suffering at least one ransomware attack.
How does ransomware work?
In order for ransomware to be successful, it must first gain access to a victim’s system. Like any malware, ransomware can infiltrate an organisation’s systems through various means.
- Phishing emails: A malicious email may contain a link to a website hosting a malicious download or an attachment that has a download function built in. If the victim clicks on the link or attachment, the ransomware is downloaded onto their computer.
- Malicious websites: When you visit a compromised or malicious website, malware can automatically download and execute on your system without warning or indication. These types of attacks are commonly known as drive-by downloads.
- Remote desktop protocol (RDP): Hackers can gain access to a victim’s system through RDP, which is mainly used by IT administrators to access systems remotely. If the system is not securely configured, they can manually install ransomware once inside.
- USB or removable media: Ransomware can spread via infected USB drives or other removable media. When a victim inserts an infected device into their computer, the ransomware can be transferred.
It’s important to note that once ransomware infects a network, it can spread to any device connected to the network, including computers, smartphones, and other systems.
After gaining unauthorised access, ransomware encrypts the victim’s files, replacing the originals with encrypted versions that can be retrieved only with a decryption key. Some variants of ransomware may delete backup files, making decryption harder. Insights from Veeam suggest targeting backups has become a standard procedure, with over 93% of ransomware attacks targeting backups.
Should you pay the ransom?
It is highly advised to never pay ransom. While you might think that paying the ransom is the sole avenue to recover your encrypted files and stolen data, there’s no assurance that the ransomware creators will provide a decryption tool after receiving the payment. According to research by Veeam, 1 in 4 organisations who pay ransom still don’t recover data.
Paying the ransom not only funds criminal activity but also increases the risk of future attacks. In fact, 56% of those who pay the ransom are at risk of reinfection during the data restoration process after an attack.
Although paying ransom is not illegal in the UK, it may put you in violation of various laws and regulations, potentially leading to fines and penalties. It can also cause reputational damage as word of your organisation paying ransom could result in customers and suppliers losing trust in your ability to protect their data and interests.
Prevent and protect against ransomware attacks
There is no way to completely prevent a ransomware attack. However, with the correct solutions and security defences in place, you can mitigate the risk of an attack and recover your data.
- Strong passwords: Strong passwords act as a barrier to unauthorised access to shared files and resources. Using a password manager will revolutionise the way you log in to your accounts: it helps you create and store complex, unique passwords in a secure vault, removing the need to memorise them.
- Security awareness training: It is crucial to have a strong defence against cyber attacks. One way to achieve this is by ensuring that employees are well-informed about the common signs of cyber attacks, through implementing user awareness training. By having this knowledge, they will be able to recognise potential threats and take appropriate action to safeguard the organisation’s digital infrastructure.
- Keep systems and software up-to-date: Cybercriminals often take advantage of security vulnerabilities in outdated software to deliver ransomware. Regular software updates include patches that fix these vulnerabilities, making it harder for attackers to gain access. Software updates often come with improved security features, providing better protection against ransomware and other threats.
- Backup and recovery: Having a clean, reliable backup of your data is crucial when a ransomware attack occurs. If you can prevent the ransomware from reaching and encrypting the backup, you can use it to recover your data. Migrating your data to the cloud can also help you protect your organisation from ransomware attacks as attackers often target on-premise systems since they are easier to infiltrate compared to cloud-based systems.
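To make the backup point concrete, here is an added example (not part of the original article or any vendor's tooling) that checks a backup folder against a previously recorded SHA-256 manifest and reports files that are missing, changed, or changed into high-entropy data, which is what encrypted content looks like. The function names, the 7.5 bits-per-byte threshold and the sample files are assumptions made for this example.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5  # assumed threshold in bits per byte; ciphertext sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: plain text is roughly 4-5, encrypted output about 8."""
    if not data:
        return 0.0
    return -sum(n / len(data) * math.log2(n / len(data)) for n in Counter(data).values())


def build_manifest(root: Path) -> dict:
    """Record the SHA-256 of every file under root, keyed by relative path."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare a backup tree with its manifest and group the findings."""
    findings = {"missing": [], "modified": [], "likely_encrypted": []}
    for rel, expected in sorted(manifest.items()):
        path = root / rel
        if not path.is_file():
            findings["missing"].append(rel)  # deleted, or renamed with a new extension
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() != expected:
            findings["modified"].append(rel)
            if shannon_entropy(data) > ENTROPY_LIMIT:  # only judged once the hash differs
                findings["likely_encrypted"].append(rel)
    return findings


def demo() -> dict:
    """Constructed sample: three text files, then one deleted and one overwritten."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("ledger.csv", "notes.txt", "hr.txt"):
            (root / name).write_text("date,amount\n2023-10-01,100\n" * 200)
        manifest = build_manifest(root)
        (root / "notes.txt").unlink()
        (root / "ledger.csv").write_bytes(os.urandom(8192))  # random bytes stand in for ciphertext
        return verify_backup(root, manifest)
```

Entropy is only evaluated for files whose hash has changed, because legitimately compressed files (ZIP archives, JPEG images) are high-entropy too. The manifest should be stored somewhere the backup host cannot write to, otherwise it can be altered along with the files.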
Fortify your defences with The Cyber 7
During Cyber Security Month, we’re extending limited-time offers to both our valued clients and new customers. Our exclusive ‘Cyber 7’ promotions feature state-of-the-art cyber security solutions every business needs to bolster and fortify their security defences.
Take advantage of our ‘Cyber 7’ promotions today to secure your digital assets effectively. If you require further information, please get in touch or contact your Air IT Account Manager.