By Thomas G. Stephens, Jr., CPA, CITP, CGMA
One of the most — if not THE most — significant issues in information security during 2019 was the proliferation of ransomware. Unfortunately, this trend is likely to continue in 2020. Therefore, let us examine some ransomware statistics so we can prepare to defend our data.
What is Ransomware?
Ransomware is a form of malware that, as its name suggests, takes your data hostage and holds it for ransom. Typically, ransomware encrypts all your data so that you cannot access it. Once the encryption is complete, the cybercriminals notify you and demand a ransom payment. If you pay the ransom, the cybercriminals presumably provide you with the decryption key so that you can regain access to your data. However, in some cases, the cybercriminals extort the ransom from you and never supply the key. In these situations, your data is lost forever.
Of course, you should make every reasonable effort to prevent ransomware from infecting your systems in the first place. We discuss some of these preventive controls later in this article. But, in the event your systems do become infected, are there options for recovering your data without paying the ransom? In short, YES!
If you have proper backup controls in place, you can restore your data from those backups. Unfortunately, sometimes poor backup procedures are in place and the ransomware encrypts the backups too. Similarly, sometimes these same poor backup procedures mean that no recent backup is even available. In situations such as these, paying the ransom becomes a virtual — albeit distasteful — reality.
10 Chilling Statistics About Ransomware
The proliferation of ransomware over the past few years has placed it near the top of the list of cybercrimes. To gain an appreciation of just how widespread ransomware is today, consider the following statistics.
- The cost of a ransomware attack continues to escalate. For example, Datto reports that ransomware costs businesses more than $75 billion annually. Similarly, Sophos reports that the average cost of a ransomware attack on a single business is now $133,000.
- The rate of ransomware attacks also continues to escalate. As an example, Phishme reports that ransomware attacks have increased 97% over the past two years.
- Cybersecurity Ventures estimates that a new business will fall victim to ransomware every 14 seconds during 2019.
- Phishing remains a popular way of launching a ransomware attack. Webroot indicates that cybercriminals create 1.5 million new phishing sites every month. Further, Phishme reports that during 2019, ransomware from phishing emails increased 109% over 2017.
- The health care industry is a favorite target of ransomware attacks. As reported by Beazley, almost half of all ransomware incidents reported in 2018 involved healthcare companies. Healthcare IT News reported that 18% of healthcare devices have been the target of malware. Additionally, a report by CSO Online estimates that the number of attacks on healthcare related companies will quadruple by 2020.
- Governmental organizations are becoming increasingly popular targets of ransomware attacks. During the summer of 2019, at least twenty-three municipalities in Florida and Texas fell victim to ransomware. Previously, major cities such as Atlanta and Baltimore became victims. In the case of the Atlanta attack, remediation costs are reported by the Atlanta Journal-Constitution to be as high as $17 million.
- Ransomware attacks are not limited to Windows-based PCs. Fortinet, for instance, expects that mobile malware, banking malware, and ransomware will prove to be the top security threats of 2019.
- As reported by Carbonite, ransomware often attacks small businesses through unsecured Remote Desktop Protocol (RDP) ports on Windows-based PCs. A recent report by Shodan.io indicated at least 3.3 million computers worldwide that are exposed through open RDP ports; one-third of those devices are in the United States.
- Another popular form of ransomware attack is planting links to the malware in email messages. One study published by Newsweek indicated that approximately 50% of all people will click on links from unknown persons.
- As reported by SafeAtLast, more than 77% of businesses affected by ransomware were using up-to-date protection. This clearly indicates that traditional forms of anti-malware protection are not effective against the scourge of ransomware.
How to Protect Your Business Against Ransomware
As is almost always the case with cybersecurity issues, no single method is adequate to reduce the proliferation of ransomware. Instead, you should use a multi-layered approach to address and reduce your risk.
Following are some of the common-sense steps that you should take to reduce the probability that you will fall victim to an attack.
- Plan for the worst, by assuming that you will become a victim. Against that backdrop, address your backup procedures to determine that they are adequate in today’s environment and allow you to restore your data in case of an attack. Ensure that your backups are stored offline.
- Train your team members not to click on links and attachments in emails from unknown parties. Reinforce this training on at least a quarterly basis.
- Ensure that all computers remain updated and patched to reduce the threats of vulnerabilities in the operating systems or installed applications.
- Consider implementing a “whitelisting” approach to security. Using whitelisting tools, such as AppLocker found in Windows, you can control which applications can run on a computer. Thus, even if ransomware infects a device, unless the whitelisting software in use has authorized the ransomware to run, your data should remain safe.
- Stay informed on developing trends in ransomware. No doubt, this threat will continue to evolve and yesterday’s techniques will not be adequate to protect against tomorrow’s threats. Therefore, don’t view securing your data as a one-time project; instead, consider securing your data a never-ending process.
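To make the whitelisting step concrete, the following PowerShell session (an added example, not code from the article or from K2 Enterprises) builds an AppLocker allow-list from the software already installed, checks that an unknown script dropped into a user-writable folder would be refused, and deploys the policy in audit-only mode so the "would have been blocked" events can be reviewed before enforcement is switched on. The folder paths, the temporary file names and the use of local (rather than domain) policy are assumptions for illustration.

```powershell
# Run in an elevated PowerShell session on a Windows edition that supports AppLocker.
# Paths and file names below are illustrative assumptions, not values from the article.

# 1. Inventory executables and scripts in the standard program folders. Signed
#    software gets a publisher rule; unsigned files fall back to a hash rule.
$programDirs = 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows'
$fileInfo = foreach ($dir in $programDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Script
}

# 2. Build the allow-list policy for all users; -Optimize merges redundant rules.
$policyXml = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Set every rule collection to AuditOnly: nothing is blocked yet, but every
#    file that *would* be blocked is logged (event ID 8003) for review.
[xml]$policy = $policyXml
foreach ($rc in $policy.AppLockerPolicy.RuleCollection) { $rc.EnforcementMode = 'AuditOnly' }
$policyPath = Join-Path $env:TEMP 'applocker-audit.xml'
$policy.Save($policyPath)

# 4. Sanity check before deploying: a constructed, unsigned script in Downloads
#    stands in for an unknown payload. It has no publisher and its hash is not in
#    the policy, so the expected decision is DeniedByDefault.
$testScript = Join-Path $env:USERPROFILE 'Downloads\unknown-test.ps1'
Set-Content -Path $testScript -Value 'Write-Output "constructed test file"'
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $testScript -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 5. Deploy to the local policy (use -Ldap for a domain GPO) and make sure the
#    Application Identity service, which AppLocker depends on, is running.
#    Its startup type is normally set through Group Policy on current builds.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
Start-Service -Name AppIDSvc

# 6. After an audit period, list what enforcement would have stopped. Anything
#    legitimate that appears here needs a rule before switching to Enabled.
$logs = 'Microsoft-Windows-AppLocker/EXE and DLL', 'Microsoft-Windows-AppLocker/MSI and Script'
foreach ($log in $logs) {
    Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 8003 } -MaxEvents 50 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}
```

Only after the audit log shows no legitimate business software being flagged should the EnforcementMode attributes be changed from AuditOnly to Enabled and the policy reapplied.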
Ransomware is nothing new; in fact, ransomware dates all the way back to 1989. However, ransomware has exploded over the past five years and its proliferation shows no meaningful signs of slowing down. For victims, ransomware exacts an extraordinary toll, costing potentially millions of dollars and creating crippling customer/client service issues. Therefore, immediately assess the risk of becoming a victim and act appropriately to reduce that risk to an acceptable level. The very existence of your business could depend upon it.
Tommy Stephens is a shareholder in K2 Enterprises, where he develops and presents continuing professional education programs to accounting, financial and other business professionals across North America. Email him or learn more about K2 Enterprises.