RANSOMWARE 201
“If you’re looking for ransom, I can tell you I don’t have money… but what I do have are
a very particular set of skills. Skills I have acquired over a very long career.”
– Bryan Mills, “Taken”
It’s become a common theme in entertainment. A story involving someone or something precious being held for ransom. A story told so convincingly that we can feel the immediate flood of panic, overwhelming fear and the feeling of being trapped, followed by the instinctive questions,
“What do I have to do to get it back?”
“Can I get it back?”
For most of us, we watch those movies and shows with the mindset that such a desperate situation will never happen to us. We know it happens to someone out there, but it probably won’t happen to us…right?
When it comes to ransomware, this is simply not the case. Especially if you are a business owner who conducts any amount of your business online, it is inevitable that you will have to deal with the digital form of that familiar crime. It is known as Ransomware, and instead of a person or physical possession being held for ransom, it’s your important financial records or your personal data files. Yes, it’s happening online instead of in the “real world”, but the roller coaster of negative feelings and consequences is the same.
Take a moment to imagine it happening to you. That is an awful feeling! How will you react when the unthinkable strikes?
Unless you prepare to defend your business dealings online against all incoming attacks, it WILL happen to you. Ransomware attacks occur every day; no business is safe without the right protection.
In the past we have posted very informative “101” level articles on ransomware that are an absolute must for a solid foundation in digital security.
But now it’s time to move on from the basics and get a little deeper into the information you’ll be needing to protect your business in the present and near future.
To start, here’s a brief refresher of the Ransomware 101 facts everyone should know:
- Ransomware encrypts your data to extort money out of you.
- The bare minimum tactics you should be implementing are to regularly update and back up your systems and files.
- Phishing is the primary tool used by hackers, so become an expert at spotting the lures.
- Above all, DON’T PAY THE RANSOM if at all possible. There are ways to beat them if you fall under attack. Learn How!
Ransomware 201 Orientation
Write this down in your notes because it’s important: Ransomware occurs at a rate of more than 4,000 attacks daily. That’s a statistic which comes directly from the FBI. This is not a one-time anomaly; ransomware attacks continue to rise each year. In 2017, the number of ransomware attacks averaged out to one occurring every 40 seconds. Now in 2021, ransomware attacks have escalated to happening every 11 seconds. Every day. Since you started reading this post, up to 6 ransomware attacks occurred (maybe this is a good time to check your network security – now we’re at 7 attacks…you get the picture).
What is driving this increase?
In the aftermath of COVID, hackers have become more brazen, devastating online security infrastructures and increasing their ransomware attacks by an unbelievable 435% when compared to the data from 2019! It is no accident; hackers know that companies make security mistakes when moving online and into employees’ home offices rather than corporate buildings.
We get it — the transition many companies made in the past year was out of necessity and even desperation. In that mode of panic, there was little to no time given to companies’ IT security infrastructures. But like vultures, hackers have been swooping in to target easy prey, namely healthcare, financial, government, and retail businesses worldwide. They know that if they can make you feel helpless and afraid, you are more likely to pay up.
3 Quick Tips
Now is the time to scrutinize your company’s security infrastructure in exhaustive detail to make sure you’re ready for the inevitable ransomware attacks. Here are 3 facts pointed out by the Cybersecurity Experts at Movaci that will help you get moving in the right direction.
- Beware of Double-Extortion.
Hackers are now regularly implementing what is known as a double-extortion strategy, meaning that they hold your files for ransom and threaten to share them publicly if you don’t pay up. They know that many companies have backups and data recovery options these days, so they are trying to pressure businesses even further with the threat to leak sensitive data to the public.
- Watch your Apps
Besides phishing attempts through emails, one of the easiest ways for hackers to get into your system is through weaknesses in third-party applications. To avoid ransomware exploiting your third-party apps, keep all applications up to date. Also, customize the settings to prevent third-party programs and plugins from running without your permission. This includes mobile apps! Malware is going mobile now, so it’s important for employees to be held accountable for the apps they have on their phone as well as where they are downloading the apps from.
- Know what’s at Stake
According to ID Agent, less than 60% of all companies that pay the ransom actually recover their lost data. That means those companies lose significant time and money for bad odds at getting their private data back. On average, a company dealing with ransomware loses 6 working days (calculate your own financial losses for that amount of time) and more than $35,000 for the ransom payment. It’s no wonder that many businesses that get hit hard by ransomware go out of business shortly thereafter!
Your Assignment: A Quick Risk Assessment
Ransomware attacks WILL happen. Is it more economical to:
A. Risk paying a hacker for maybe a 60% chance of recovering your files (not to mention the other losses mentioned above)
B. Contract professionals in Cyber Security that have your best interest in mind and will protect you.
Several times this year already, Movaci has protected big clients from falling victim to ransomware through our next-generation Endpoint Detection and Response (EDR) platform.
Our clients have peace of mind knowing that through our Managed Services Agent, their data and customer information are secured and protected from threats in real time, and their online IT infrastructure is monitored 24/7 by Movaci’s certified and experienced team.
You may have taken advantage of our services in the past when responding to our Ransomware 101 information, but our Ransomware 201 initiative offers further steps to take to better protect your business. The data may show that your system is statistically likely to be tested by a ransomware attack, but in a pass-fail scenario, Movaci’s Managed Services gives you an easy pass, so you can focus on growing your business securely.
TAKE THE NEXT STEP IN RANSOMWARE DEFENSE
If you’re looking for a “quick-win” to help secure your company from ransomware, the fastest action you can take – and the most important – is to make sure that everyone in your company is security conscious, and security-competent! Movaci’s Security Awareness Training offers organizations of every size and industry peace of mind that their staff are professionally equipped to handle online data with proper care, know how to react to risky or suspicious situations, and manage third party apps securely.
SCHEDULE YOUR SECURITY AWARENESS TRAINING TODAY
Remember, ransom crimes don’t just happen to the rich and famous on the big screen anymore. Ransomware affects everyone these days. Now is the time to be aware of it and to take action.
If you found this newsletter helpful, we’d love to know! Feel free to send us a message, comment or share this! Stay safe out there.