Blog August 6, 2019

The Real Costs of Ransomware

It seems like it’s been a while since ransomware has been in the IT security news headlines. Certainly, 2019 hasn’t seen anything rivaling WannaCry and Petya/NotPetya. But does that mean businesses can stop worrying about their systems being held hostage and move on to other data security concerns – of which there are plenty?

Well, no.

First of all, ransomware events did drop off by 20% in 2018 according to the latest Internet Security Threat Report (ISTR) from Symantec. However, attacks on organizations are up 12%.

One reason for the rise in attacks against businesses is that, while ransomware started out as a way to target individuals, the malware has gotten more sophisticated. Hackers are now able to target specific organizations or groups of organizations, such as those least able to defend themselves or organizations the attackers bear a grudge against (hacktivism). The three major ransomware attacks of 2018, SamSam, Ryuk, and Dharma/Crysis, were all targeted attacks.

Even small organizations can be big targets. According to Beazley Breach Response Services, small-to-medium-sized businesses, which tend to spend less on information security, were at a higher risk of being hit by ransomware than larger firms.

Hackers also target those with the most to lose, and therefore, those they believe are most likely to give in to their ransom demands. The Beazley research found that healthcare organizations were the hardest hit by ransomware in 2018. According to a recent article in the Wall Street Journal, city governments are also increasingly under attack.

You Pay Regardless

The FBI’s recommendation remains the same: Do not give in to the ransom demands. There are several good reasons for that:

  • Paying the ransom encourages more hackers to get into the game.
  • There is no guarantee they will restore your systems once you pay them. (One in five businesses that pay do not get the key.)
  • There is no guarantee they won’t target you again, especially if your post-ransomware cleanup fails to address the failures in your IT security perimeter.

Of course, the FBI’s advice may be sound, but it’s a bit hard to follow when it’s your systems that are under attack. And, many companies do pay. According to a 2016 IBM study, 70% of businesses attacked paid the ransom.

But whether you pay the ransom or not, the money the hackers demand is a drop in the bucket compared to the cost of cleanup. While the overall ransomware numbers are large – Cybersecurity Ventures predicts the global cost of ransomware will hit $11.5B (USD) annually by the end of 2019, up from $5B in 2017 – the ransoms themselves are often relatively small. Of the thousands of incidents Beazley researchers studied, the largest was a whopping $8.5 million, but the median was only slightly over $10,000.

Before you breathe a sigh of relief and think, “that’s not so bad,” keep in mind that these figures do not include the cost of downtime or remediation, which is incurred regardless of whether the organization pays the ransom or not.

The aforementioned WSJ article reports that Baltimore was hit by ransomware on May 7th, but city officials declined to pay the $76,000 ransom the attackers demanded. The story doesn’t place a dollar figure on the cost of cleanup, but it does say that some of the city’s systems were down until late last month. Could your organization afford to be down for two to three weeks?

Atlanta was also hit with ransomware on March 22. It’s not entirely clear whether Atlanta paid the $51,000 ransom, but the city did report to BankInfoSecurity.com that cleanup costs have already topped $2.6 million.

The Best Offense is…

You guessed it. A good defense. That means implementing a solid perimeter around your systems to prevent intrusion and keeping a watchful eye.

A cloud management platform (CMP) can be the star player on your defensive team. A good CMP can help you ensure IT security best practices are implemented across all your cloud environments, whether that’s AWS, Azure, IBM, or some other cloud environment. CMPs also provide visibility from a single console, so you aren’t constantly having to monitor different tools for different environments or cloud instances.

In a previous post, we talked about managing compliance with the TRiA Cloud Management Platform using TRiA’s built-in compliance checks. For the most part, we’ve focused on monitoring compliance with standards such as SOC 2, HIPAA, PCI, etc. But you can also use these compliance checks to monitor for vulnerabilities that have nothing to do with an industry standard or federal regulation. For example, if you have a few security best practices unique to your organization, add those to an existing compliance group or create your own compliance standard.

If you’d like to learn more about how TRiA can help you protect your systems from a ransomware attack, here are three ways to do so:

Watch an on-demand demo – This on-demand demo isn’t specifically about ransomware, but it will give you a good look at how TRiA’s compliance checks work to protect systems and data.

Request a live demo – One of our cloud advisors would be happy to give you a personalized demo of TRiA functionality and talk with you specifically about ransomware protection – or any of your other cloud governance concerns.

Visit our website – If you’re just looking for more information, we have plenty of it on our TRiA home page.

And, as always, we’re here to help. I invite you to reach out to us directly with any questions you have.
