Ransomware Has Become a Triple Threat
Introduction
An enormous amount of information about ransomware has been published daily and weekly over the past several years, covering its effects, the substantial losses, and the negative impact on both organizations and the economy as a whole. Yet it seems that very little is understood about how to deal with this threat.
Ransomware is costing businesses more than $75,000,000,000 a year. This equates to approximately $8500 per hour related to downtime and recovery costs. For small businesses, this is particularly devastating, as it is generally understood that 60% of small businesses are forced to close six months after a major breach occurs.
The vast majority of these breaches can be attributed to the fact that most organizations do not have a coherent cybersecurity strategy or any kind of plan to help mitigate these risks. But there are things you can do in the short term to help minimize this type of exposure.
Background
In the early days of ransomware, hackers realized this type of activity was very lucrative for them. Since ransomware-as-a-service became readily available, it has also been an option for individuals who are not necessarily technical but see it as a way to generate revenue that is paid to them directly.
Although this originally generated a lot of revenue, and to a large degree still does, organizations learned very quickly that using their most recent backups was the cure they needed to bring their systems back online without having to pay the ransom. But as is always the case with cybercriminals, their innovation knows no boundaries.
What’s Happening Now
In about November 2019, a ransomware group by the name of Maze switched tactics to what would become known as the “Triple Threat”. In essence, this particular form of ransomware installs multiple payloads to elevate privileges, steal as much sensitive data as possible for sale on the dark web, and finally encrypt all files. It has become a very successful tactic for cybercriminals because they understand two things: a vast majority of companies do not patch systems on a regular and scheduled basis, and the detection time for these types of malware could be weeks or months, so regularly scheduled backups become infected as well.
A recent CDW report revealed that approximately 22% of businesses in Canada have been hit with ransomware; this could subjectively be equated to approximately 260,000 businesses. Of these, approximately 80% were re-infected with the ransomware for the very reasons stated in this article. By 2021, ransomware attacks will increase to 1 every 11 seconds.
What This Means for You
In LCM's experience from its involvement in ransomware cleanup operations at many organizations, incidents such as this are seen as very negative by the Board, the executive team, and shareholders. But so far, because of a lack of evidence that any sensitive data was stolen, the overall impact on the organization's reputation has been minimal. This will change over time, as privacy law requires organizations to disclose to their respective privacy commissioners any information that could be deemed injurious to employees as well as to the outside parties they conduct business with. Depending on the severity of the breach, this may also involve law enforcement, which in turn will become public knowledge and possibly be reported by the media. This is the area that seems to be of most concern to organizations, along with the resulting damage to their brand and reputation.
What You Should Do Now
At the very least you should:
Have an understanding of the critical assets that are most at risk
Implement next-generation AI-based endpoint security
Provide scheduled security awareness training for all levels of your organization so that staff understand how to recognize risks that come from things such as emails
Create incident response plans designed to provide an immediate response, which will help minimize the impact on the organization
Develop a longer-term strategy
Closing
LCM Security can help in all areas. Contact LCM about how we can help you.