Despite the threat of ransomware being at an all-time high, a recent report from cybersecurity firm Kaspersky says that 45 percent of employees in the U.S. and Canada wouldn’t know how to respond to a ransomware attack. Thirty-seven percent don’t even know what it is.
Ransomware, in which attackers block access to critical data or services (usually through strong encryption) and demand that the victim pay a ransom to regain access, can have devastating consequences. The report from Kaspersky estimated that ransomware could cost organizations $1 million on average, and in severe cases, more than $5 million.
Direct monetary damage is just one effect of ransomware. Downtime usually spells disaster for businesses large and small and is flat-out unacceptable for critical services like hospitals. Attackers often evaluate the importance of the service and capitalize on the urgency to restore it when demanding the ransom.
The "Ransomware Revealed: Paying for the Protection of your Privacy" study was conducted by research firm Opinion Matters via an online survey targeting 2,007 business employees aged 17 and older from the United States and 1,011 employees of the same age from Canada on their knowledge of ransomware in the workplace. The survey was conducted in November 2019. Not all survey results are included in this report.
During the COVID-19 pandemic, attackers exploited public anxiety by sending malicious emails disguised as health safety information. These emails tricked recipients into providing login credentials for financial websites or installing malware on their machines, and frequently baited victims into executing ransomware programs.
According to Kaspersky, between 900,000 and 1.2 million users become targets of ransomware every six months. Attackers are also becoming increasingly adept at sniffing out weak security systems, ambushing at-risk users with surgical precision.
But opinions diverge on how to respond properly to a ransomware breach. Between Canada and the U.S., nearly 40 percent of the survey respondents on average believe that companies should pay the ransom to retrieve personal data, but that’s partially due to employees, 45 percent of them, not knowing what other actions to take in case of an attack. And yet, 67 percent of survey respondents would outright refuse to pay a ransom if they were to become a victim.
While conceding to the attacker’s demands is the most direct way to restore operation, paying the ransom carries substantial risks and consequences. Firstly, there’s no guarantee that the attackers would keep the data anonymous or even return the data in full. Secondly, it sets a precedent and fuels motivation for future attacks.
A 2019 report by Emsisoft found that at least 966 public sector services were impacted by ransomware in 2019. Establishments like government agencies, education facilities, and healthcare providers remain especially at risk today.
How to prevent ransomware
In its survey, Kaspersky stressed that raising employee awareness of ransomware, as well as of cybersecurity practices in general, is one of the best ways to prevent a ransomware attack. In case of a breach, however, Kaspersky experts recommend that isolating the infected machine from network access be the first step. They also suggest the following:
In addition, the Cybersecurity and Infrastructure Security Agency (CISA) recommends reporting any incident to its team immediately. Although the honesty lowers customer and investor trust in the affected company, it helps to mitigate future attacks by the same strain of ransomware.
The Canadian Centre for Cyber Security (CCCS) also has a number of best practices to help insulate a business from ransomware. Unsurprisingly, security awareness training for employees is listed as the foremost method. Others include keeping operating systems up to date, disabling macros in Microsoft Office, and applying the rule of least privilege, in which an employee is granted only the basic resources needed to complete their function.
Once a system becomes compromised, the goal shifts from prevention to mitigation. The CCCS recommends immediately isolating the device by removing it from the network, followed by identifying the strain of ransomware and wiping all data to disinfect the machine. The breach should be reported to the Canadian Anti-Fraud Centre.
These basic practices have been repeated many times before, but as the world staves off a deadly pandemic, digital best practices are more important than ever to help keep critical infrastructure operational. When uncertain, always consult with IT before proceeding.