The financial loss due to data breaches related to ransomware has doubled since 2015 as it has been predicted to amount up to $6 trillion in 2021. During the first half of 2021 the number of ransomware attacks was twice as big as for the previous researched period. Manufacturing, financial sector, government and healthcare are among the targets which have been threatened the most. Since the pandemic erupted the number of ransomware incidents has grown 1.5 times.
According to IDC, above 1/3 of companies all over the world became victims of ransomware hackers in 2020-2021. 13% of organisations of those which were trapped in a ransomware situation refused to pay ransom. Those organisations which have chosen the long run tackling digital transformation over the prompt adoption strategy and try to mate it with their established internal tactics have experienced fewer ransomware attacks.
Obviously, the enterprises and institutions appeared to be unprepared for mitigating ransomware attacks, as many of them couldn’t find anything better to do than to pay ransom despite the fact the authorities are against such a solution of the problem. Paying ransom is not a guarantee of retrieving your data anyway.
Major ransomware cases 2020-2021
These years there have been an upsurge in major notorious ransomware attacks on reputed companies.
Colonial Pipeline Co. was temporarily out of order. The pipeline operations were halted to make sure that nothing goes wrong until IT systems are recovered. The ransom the company paid totalled $4,4 million.
JBS was affected by the hacker group REvil in May. The USA subsidiary had to stop operating to recover fully and quite shortly thanks to encrypted backup and proactive response. It was soon announced that the company actually paid $11 million. Payment was made to protect data from extracting, but the specialists ascertained that the systems weren’t impacted and JBS wasn’t urged to shut down the workflow. The company decided to pay anyway. That means that businesses might tend to pay ransom just in case fearing that a hacker has a hidden weapon and may shoot when you least expect.
Kia Motors experienced the inadvertent closedown which compromised the work of the portal, apps, some services and payment processing. The enterprise was to pay $20 million.
CNA Financial, a prominent insurance company, dealt with the incident putting at risk about 75,000 people whose details were held hostage by ransomware attackers. It took the company $40 million to get its network back.
Bangkok Air lost 200GB of information to a ransomware group which threatened to release the data if it doesn’t get paid.
Discourage a hacker from willing to attack you
As far as paying ransom is a questionable way out of the situation, there should be an approach which can trigger a healthy reaction to an incident or even better – prepare companies for a possible ransomware attack.
It might be not easy to find this congruence between managers’ thirst for extra data which helps gain power over audience and competitors as well as for quicker and simpler communication channels and information security specialists’ call for limits in sharing, access, the number of used tools, but all these priorities don’t seem to dock properly.
Security officers and risk managers are aware that any kind of data should be protected as much as possible, and prioritising particular types or storages will one day be nothing more than waste of money and effort, as finding a loophole via other unsecured gates will not spare them. All assets are to be protected.
Ransomware became a scaringly popular way of stealing data. A company doesn’t know whether it regains its data or the information is lost or compromised for good as in any data breach, but here it also has to pay a large sum of money just in case it helps. Thus, a company loses data plus pays for it.
Human behaviour monitoring will tell a specialist whether a suspicious negotiation has taken place. Data should also be encrypted. There are monitoring solutions which allow sufficient control to detect alarming conversation with an unknown user who might be an unauthorised third party whose intervention is fundamentally unsolicited, data exchange between an employee and an external user via vulnerable channels or clicking dangerous links and downloads, surfing leery resources and websites. Each enterprise should establish corporate regulations within which the security policies will be strictly shaped and clearly defined. In case some activity doesn’t fit the set limits, the system informs a specialist about the possible violation to prevent a company from a longer chain of unwanted events. A company can protect itself and its workers from non-existent user accounts that usually become a gateway for a leak generated by a fraudulent scheme. Any type of stored corporate data is important to a company. But security policies can vary from one department to another, so it Is crucial to make sure, that the information of each department is covered and comprehensively monitored, which can be achieved thanks to the focus on the specifics of every part of the company’s performing mechanism. Encryption features are indispensable when it comes to protection of data from theft or taking it hostage in exchange for extortion. DLP and risk management solutions allow blocking transfer of confidential information (for example, when an employee becomes a target of extortionists, gets blackmailed and decides to give the data to violators) or making a user think that data leaves the corporate perimeter while getting uploaded to a flash drive, whereas in reality the data becomes encrypted during the process and won’t be read from the external storage on any other computer than the corporate one.
Thus, any employee might become a malicious insider unwillingly, due to an external aggressor, trying to avoid things getting worse. A worker may not tell it to a specialist within his or her company fearing bigger problems from the top management and from the hackers who threaten with exposure. Insider threat remains a serious issue.
The quantity of violations occurred due to human factor grew by 47% for the past two years, according to Panda Security. The number of insider breaches, which happened because of a company’s partners, usually amount up to 25 incidents out of 100 overall security incidents, according to Insights.
IT Portal had prevised that cybersecurity threats would have increased by 8% in 2021, and 1/3 of threats would have been due to an insider.
ID Watchdog reports that back in 2020 more than half (60%) of all breaches originated from a malicious intent of an insider.
TechJury claims that the average time to identify an information leakage incident for the majority of businesses is 197 days, which is definitely a poor result, and 77 days are required to actually recuperate from it. Whereas 85% of entities find it difficult to thoroughly investigate an incident caused by an insider and assess the scope of the damage, according to Security Round Table.
Observe IT states that 55% of companies name a privileged user the biggest threat to internal security.
According to Forrester, 74% of companies are concerned with insider risk management now much more than before the pandemic, and 33% of a company’s breaches are going to be insider threat-driven in 2021.
Employees should be given access only to the data which is needed for their corresponding job tasks and responsibilities – that would lower immensely the risk of being compromised by a human error or accidental leakage.
Does encrypting your data keep you safe from ransomware? Encryption alone surely won’t protect a company’s data from ransomware encryption. First of all, ransomware can be infiltrated at various levels into a company’s system, blocking the access to your own data where you expect the least. Second of all, as soon as there are double-encryption ransomware attacks, any data can be encrypted twice with different types of encryption, thus even encrypted data can get encrypted by someone else.
Although it doesn’t mean that encryption is useless. Encrypted data can be stolen and locked up by hackers making it impossible for the owner to unencrypt the information, but at the same time it keeps being ciphered for the violator. In case you have your data backed up and retrieving this data is not your priority, whereas the very exposure of it is what bothers you the most, then encryption is a must. The best thing an organisation can do is to do both: ensure solid and constant back up and maintain the access and the files encrypted, which won’t neutralise the threat but will decrease the damage a ransomware inflicts.