In 2021, high-profile ransomware attacks, such as the Colonial Pipeline and Kaseya hacks, caused significant disruptions to supply chains and companies’ operations.
In addition to these high-profile hacks, ransomware attacks have grown more common in general. With the rise of Ransomware as a Service (RaaS), many cybercrime groups have access to high-quality malware. The widespread success and profitability of ransomware mean that any organization can be a target. According to Check Point research, ransomware attacks grew 93% between June 2020 and 2021.
Ransomware is designed to cause disruption and damage to an organization. Modern ransomware exfiltrates and encrypts a company’s sensitive data, providing cybercriminals with multiple levers to extort a ransom. In some cases, ransomware groups expand their operations to target a company’s customers as well.
A ransomware attack poses significant risks to an organization. In addition to the costs of lost productivity and remediating the incident, a company may face reputational damage, lose customers, and face legal and regulatory penalties for failing to protect sensitive data.
A ransomware attack can cause disruption to operations and significant cost and damage to a company. When faced with a ransomware infection, responding appropriately is essential to minimizing the damage.
Once ransomware has started encrypting files, damage has already been done. Unless a company can restore all files from backups, some data will be lost even if a ransom is paid. Also, modern ransomware commonly steals and exfiltrates data before encrypting it, meaning that the company has likely already suffered a data breach.
Prevention is the best way to manage the threat of ransomware. Some of the ways in which a company can protect itself against ransomware include:
Closing these potential attack vectors can help to reduce the probability of a ransomware attack. However, bolstering these protections with a strong backup policy can help to reduce the impact of a ransomware attack if one occurs.
Rapid response to a ransomware infection can help to reduce the impact and cost of a successful attack. A quick, effective response requires an organization to have an incident response team (IRT) and strategy in place before it is needed. When responding to a ransomware infection, incident responders should:
After halting the spread of the ransomware and investigating the incident, recovery is the next step in the process. After removing the ransomware, the crucial decision to make here is whether to pay the ransom or attempt to recover from backups.
While paying the ransom may seem like the easiest and cheapest way to address the issue, it should be a last resort. Paying the ransom provides no guarantee that data will be recovered and helps to fund future campaigns by the attackers. Explore whether data can be recovered from backups or if a decryptor exists for the ransomware before deciding to pay a ransom that could be in the hundreds of thousands or even millions of dollars.
The best way to manage the threat of ransomware is through preparation and prevention. Check out Gartner’s report on How to Prepare for Ransomware Attacks for more information on ransomware attacks and best practices for protecting against the ransomware threat.
Check Point Harmony Endpoint includes targeted anti-ransomware protection, enabling companies to rapidly detect and stop a ransomware infection in its tracks. Learn more by signing up for a free demo.