Ransomware is a type of malicious software that locks up your files so that you no longer can access them and demands you pay a ransom to unlock the files. Paying in Bitcoin or cyber currency gives the cybercriminal anonymity and cannot be traced.
Ransomware attacks are not new, but there has been a major surge since the COVID-19 pandemic. Cybercriminals are using the fear and uncertainty of the pandemic to send malicious emails purporting to be from a legitimate source, such as the WHO, Centers for Disease Control and Prevention, Get My Vaccines, etc.
Statista, a global business data platform, reported on a 2020 cybersecurity survey revealing that 68 percent of organizations in the United States had experienced a ransomware attack and had paid the ransom as a result. Additionally, 10 percent of U.S. organizations were infected from a ransomware attack, but did not pay the ransom, and 22 percent of U.S. organizations were not infected at all.
Cybercriminals often create organized groups and extremely sophisticated attacks. These attacks often target large organizations, because they can ask for a larger ransom, although small organizations and individuals are also at risk.
How can I protect my personal PC and my business?
• Train employees to recognize email scams and use caution when clicking on webpages.
• Back up data routinely and store it off the network.
• Keep PCs patched and security up to date.
• Maintain an updated incident response plan.
• Maintain a cyber-insurance policy that covers ransomware.
What do I do if it happens?
• Immediately disconnect the infected PC from the network before it spreads.
• Reach out to an IT expert.
• Contact your Cyber Insurance Agency.
• Identify where your backups are stored and restore your system from the backups.
• Report the incident to the FBI’s Internet Crime Complaint Center.
• If sensitive customer information was compromised, notify the affected individuals.
What other costs may be involved?
• The average ransom requested of an organization varies between 6 to 7 figures. According to a white paper published by the Sophos Group PLC, a security software and hardware company, the average global restoration cost is $761,106.00.
• Downtime and lost productivity.
• Employee overtime.
• Time to recover and restore from the incident.
• Additional devices and equipment.
• Forensic investigation.
• Reputational damage.
• Additional IT costs to prevent future attacks.
Law enforcement does not recommend you pay the ransom, since there no guarantee you will get your data back. Furthermore, paying the ransom almost doubles the overall remediation cost versus not paying. Not paying may make you feel better about not fueling the cybercriminals, and it also saves money in the long run. This is because, even if you pay the ransom, there is still a lot of work to do and money to spend restoring the data, and on top of that is the cost of the ransom.
Nevertheless, when your business is faced with the inability to function, you have to be prepared to evaluate your options.
For the Sophos Group white paper cited above, the company commissioned an independent survey of 5,000 IT managers across 26 countries. The findings provide new insight into what actually happens once ransomware hits. It reveals the percentage of attacks that successfully encrypt data; how many victims pay the ransom; how paying the ransom impacts the overall clean-up costs; and the role of cybersecurity insurance.
The Federal Trade Commission provides information in an article on its website: Ransomware prevention: An update for businesses and features a Ransomware Quiz.