As part of a five-part series on the cyber threats facing individuals and businesses in our region, this month we focus on ransomware.
Unless you have been living under a rock or ignoring all cybersecurity news, you have at least heard of the word ransomware. While ransomware was just a fad among bad actors a few years ago, today, it is everywhere and a continuing and growing threat.
Ransomware is a class of malicious programs that encrypt your hard drive, and sometimes the hard drives of every computer on your company network, forcing you to pay for the decryption key. Ransomware has become big business for criminals, making billions. If your business were hit with ransomware and you didn't have adequate backups in place, you would either have to pay the ransom, which is not a good strategy, or reproduce your data from scratch.
With ransomware, the bad actors have figured out a pricing strategy at which people would actually consider paying. For example, if you held my computer hostage for $10 million, I would not pay. Even if I wanted to, I don't have that kind of money. However, if you held my computer hostage for $500, maybe I would pay, or at least I would have the ability to pay to save the cost of rebuilding the system, which might end up being more than the ransom.
The same theory applies to a business. Perhaps a more substantial business can pay more money, so their data gets held for ransom for a larger price. According to a recent CNN report, 140 local governments, police stations, and hospitals have been held ransom by hackers. One hospital in Alabama even stopped seeing new patients because of their ransomware attack.
Do you know why ransomware usage continues to increase? It is growing because it works. Individuals, companies, and organizations are doing the math of the cost of the ransom versus the cost of rebuilding, and they are determining that it makes business sense to pay the ransom. All law enforcement professionals encourage you not to pay ransoms. While I agree and would encourage you not to pay the ransom, I understand the organizations that make the payment.
A solid cybersecurity strategy can reduce your company's chances of being infected with ransomware. While there are several steps your company should take, below are three that should be considered your first steps.
First, you must have regular and robust backups of your entire system and network, including servers, network storage devices, and end users' computer data.
Second, you should ensure that your anti-virus software and endpoint solutions are up-to-date. While your anti-virus software won't catch all ransomware, it should undoubtedly be part of your strategy.
Third, user awareness should always be part of the strategy. While the threat is evolving, the most common threat vector continues to attack the human factor. Users are still clicking links in emails or opening files that they shouldn't.
No one is saying your employees aren't trustworthy. Frankly, you would know better than me. They are still a significant risk, and one that should be addressed through training as part of your general cybersecurity strategy and specifically to fight ransomware.
A recent survey found that about 35 percent of data breaches were attributed to human error or negligence. With the annual cost of data breaches up over $400 billion globally, that is a significant potential impact on your business.
It doesn't mean your employees are bad people. It means that we all make mistakes and that your employees may not completely understand technology, cybersecurity, or ransomware. A focus of every cybersecurity strategy should be on the human factor, working to impact the behaviors of your company's people.
For example, an employee at a company receives an email from someone who appears to be a legitimate source, so the employee clicks the link suggested in the email. Instead of going to the advertised webpage, the link leads somewhere else entirely. The email may have looked like it came from a legitimate source, but the end result was a significant expense to the company. With employee training, the employee might have thought twice before clicking the link in the email.
While ransomware is typically distributed through spam emails or web links, there is a trend with ransomware where it is being used in targeted attacks in an opportunistic fashion. According to the 2019 Cyber Threatscape Report, ransomware attacks could be motivated by financial gain, hacktivism, destruction posing as a ransomware attack, or even geopolitical messaging.
The bottom line: no one is immune from ransomware attacks. As with all threats discussed in this series, it is your responsibility to take appropriate steps and implement a cybersecurity strategy focused on identifying, preventing, detecting, responding to, and recovering from threats.
Michael Ramage is the director of the Center for Computer and Information Technology at Murray State University. The Center for CIT researches various areas of computer and information technology as well as serving as a liaison between the academic and private sectors to increase the technology workforce. He can be reached at email@example.com or 270-809-3987 for questions or more information.