Ransomware has become a major threat to businesses across the world as cyber-attacks are becoming increasingly sophisticated, resulting in devastating financial damage for companies that fall victim. Not only are important files locked down, but downtime and other disruptions caused by these attacks can be crippling to your company’s operations. Below we debunk the top five myths and misconceptions to provide a better understanding of ransomware and associated risks:
1. Ransomware attacks are carried out by sophisticated hackers
Contrary to popular belief, few ransomware attacks are carried out by expert “hackers.” While the malicious code necessary to carry out the actual exfiltration and encryption of a victim’s files can be highly sophisticated, many attacks are perpetrated by unskilled crews that simply buy or even rent the malware. In these instances, the attackers need only concoct and distribute an effective spear phishing email that entices a user to simply click on an infected file or link. Effective spear phishing is an art in itself but does not require technical “hacking” skills. By making ransomware available to less-skilled attackers, the creators of advanced ransomware can scale their attacks and maximize the return on their investment in coding new variants of malware.
To stop an attack before the malicious code can take root and disrupt your business, it is critical to constantly monitor your network, scanning for unusual activity and identifying any spear phishing attacks in progress. Caught quickly, a ransomware attack can be stopped in its tracks, and infected systems can be cleansed and quickly brought back online. Outsourced threat detection solutions offered by Managed Detection and Response (MDR) providers can help protect you by proactively looking for suspicious activity and quickly responding to any alerts or indicators of compromise. If a ransomware attack is suspected, they can take immediate action to contain the issue before it causes harm. To help prevent an attack, it is important to educate your team on how to recognize phishing emails and other types of ransomware precursors so your company can actively defend itself.
2. Ransomware crews only target large companies or organizations
Most ransomware campaigns are indiscriminate in targeting their victims. In fact, most attackers do not even know the identity of a victim until a spear phishing email is successful in getting an unsuspecting user to take the bait. And since the number of mid-size organizations far exceeds the number of large companies, the vast majority of victim organizations are far from household names. In reality, ransomware can interrupt your business regardless of its size or financial resources. According to data from the 2022 Cybersecurity Special Report by RSM and the U.S. Chamber of Commerce, 23% of middle market executives said their company experienced a ransomware attack or demand in the previous year.
Middle-market businesses are particularly vulnerable because they:
- Tend to have limited resources for cybersecurity
- May not be aware of the latest threats and measures they need to take to protect themselves
- Lack of a comprehensive security strategy
- Rely heavily on cloud computing and outsourced software that is often targeted by attackers using malware-laced websites, phishing emails, or malicious downloads
To protect your company, you should conduct regular audits and implement proper authentication practices such as Multi-Factor Authentication (MFA). Additionally, you should invest in a comprehensive security strategy or outside Managed Detection and Response (MDR) provider that incorporates continuous monitoring of networks and systems, enforces policies and best practices, trains employees to spot malicious activity or threats, and backs up data in case of an attack. You should also be aware of the latest threat intelligence and take measures to protect your company by being vigilant about your online presence and keeping up with the latest cyber news related to your sector.
3. Ransomware can not be stopped once it is on a device
The best way to stop ransomware from compromising your endpoints is to take steps before they have been infected. This includes installing advanced, AI-driven, next-generation anti-virus and anti-malware protection to safeguard your data. But even these defenses can be defeated, which is why you need real-time threat detection. If an attack does occur, you should contact your incident response (IR) or MDR team for guidance. Once the malicious code has been identified, it can be isolated and removed using specialized tools or applications specifically designed to prevent ransomware attacks. In some cases, you may even be able to restore your data.
Preventing ransomware infections requires a multi-layered approach. You should ensure that software and systems are kept up to date. You should also combat potential threats using firewall settings that are regularly monitored to prevent unauthorized access. Additionally, data encryption is essential because it provides an extra layer of defense in case of a successful attack. Finally, regular backups of important files should be conducted so that there is an available copy if a device becomes infected.
4. Paying the ransom guarantees your data will be restored
When ransomware infects a device or network, it can be tempting to pay the ransom to get your data back quickly. Unfortunately, there is no guarantee, and hackers do not always deliver on their promises once payment has been made. And even when they do come through with a decryption key, the process of unlocking your data can be anything but simple – and it’s occasionally impossible. Not to mention that paying the ransom may encourage cyber criminals to target your business again in the future, as well as signal to other criminals that you are willing to succumb to threatening demands.
The best course of action is to work with incident response (IR) experts who are experienced in dealing with this type of attack. These professionals can evaluate the situation, advise on the best course of action, and help you restore access to your data without paying the bad actors. And if you do decide to pay the ransom, a qualified IR team can handle negotiations with the threat actor and facilitate the cryptocurrency payment (only after running a Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctions list check of course). In addition, they can help you prevent similar incidents from occurring in the future by implementing strong cybersecurity measures.
5. Advanced antivirus software can protect against all ransomware
Antivirus software is designed to identify and protect against known viruses and malware, but it cannot provide full protection against all types of ransomware. Authors are constantly developing new forms of malicious software that can evade traditional solutions, and some smart variants include anti-virus bypassing techniques that make them more difficult to detect. Even the most advanced, next-generation, AI-driven tools can be evaded by a sophisticated – or just plain lucky – attacker.
To protect yourself from ransomware infection, it is highly advisable to use an Endpoint Detection and Response tool managed by an experienced team of threat hunters. Many companies find that outsourcing the job to a Managed Detection and Response (MDR) team dedicated to cybersecurity is the best option – particularly if they serve as a partner, not just a provider. An MDR partner will build and maintain customized watchlists and detection models created from the latest threat intelligence to detect attacker activity around the clock in real time. They also provide an additional layer of protection by providing sophisticated containment, isolation, and IR capabilities when ransomware is detected.
Taking the Next Steps
Now that you are more familiar with ransomware myths and misconceptions, you can stay proactive and follow best practice guidelines so that your business can better secure its data against ransomware attacks. By implementing a strong cybersecurity strategy, you will be better equipped to handle ransomware threats and keep your data secure.
If you are concerned about your company’s ability to avoid data breaches, take our risk assessment. Our two-minute risk assessment can help you determine how prepared your organization is to repel a cyberattack. Complete your risk profile now and have the answers you need immediately.
© Copyright 2023. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.