Ransomware is all over the news. From the Colonial Pipeline attack to a slew of other threats, this cybersecurity issue isn’t going away anytime soon. The past year has only exacerbated this particular problem. Let’s review the details of these attacks and what your business can do to protect itself.
Ransomware Background
For starters, what is ransomware? Sure, everyone’s talking about ransomware, but what exactly is it? Ransomware is a form of malicious software that encrypts the target’s files, making the target unable to access their data. A ransomware attacker will demand a fee from the target in exchange for the decryption key needed to regain access to their data. Typically, the fee demand is in bitcoin and can range from hundreds to thousands to hundreds of thousands.
Phishing
So, how do these attacks happen? The most common way a ransomware attack occurs is through phishing. Phishing is the process by which the attacker will include a malicious link in an email that seemingly comes from a trustworthy source. Once the link is clicked, the malicious software is downloaded to the target’s computer.
In some ransomware attacks, the attacker may claim to be a law enforcement agency or the company’s own IT department, saying it has to shut down and update the target’s software. The attacker is then given full access by the target and can begin the ransomware attack by encrypting the target’s files.
Social Engineering
Social engineering is so popular that it’s a part of almost all ransomware attacks. It occurs when an attacker manipulates their target into clicking a malicious link, downloading malicious software, etc.
Social engineering often happens in conjunction with a phishing attack. Someone pretends to be a trusted source (e.g., the CEO or CFO of a company) and asks the target to install software on their computer as a safety measure. The target trusts that the email is from someone they know and complies with the directions, resulting in the start of a ransomware attack.
Another form of a social engineering attack is baiting. For example, someone you know sends you a link to download music from a band you’re interested in. Once the “music” is downloaded, the malicious software is immediately installed, leaving your system exposed.
High Profile Ransomware Attacks
Here are a handful of the most famous ransomware attacks that occurred recently.
Colonial Pipeline
One of the most recent high-profile ransomware attacks was on Colonial Pipeline, a major fuel pipeline that supplies the East Coast. As a precaution, the company took the pipeline offline and said the attack didn’t interfere with the systems operating the pipeline. The result of this shutdown could be increased gas prices along the East Coast, showing how impactful these attacks can be.
City of Baltimore
In May of 2019, Baltimore, MD, had its servers compromised by a ransomware attack. The attackers demanded payment in bitcoin (13 bitcoin, equal to roughly $76K). The city was susceptible to a ransomware attack because of the lack of controls that it had in place. As a result of the attack, the city had to reallocate $6M for additional information technology security and infrastructure.
Microsoft Exchange Attack
In January 2021, a series of attacks crippled Microsoft’s Exchange servers. This attack gave the attackers access to user emails, passwords, and admin privileges, and thus to critical private information. It’s estimated that the attack impacted as many as 250,000 servers.
Microsoft acted quickly and released a series of updates in March meant to patch the security exploit identified by the attackers. However, Microsoft found another round of ransomware later in March, which required yet another series of patches. This attack cost Microsoft millions in addition to irreparable harm done to its brand.
Small Business Example
Larger companies get the majority of the headlines when they suffer ransomware attacks. That can make small businesses believe that they’re less at risk than medium- or large-sized companies, but that’s simply not true. Almost 50% of small businesses have experienced a ransomware attack. In fact, hackers often target small businesses due to the lack of internal controls and security procedures. Additionally, most small businesses are more likely to pay a ransom to get their systems up and running again. Remember, downtime is critical to a small business’s bottom line.
Unfortunately, a ransomware attack can cost a small business anywhere from as little as $10K up to the hundreds of thousands. For example, a small start-up company in Europe sold high-end products online. Their IT security controls didn’t go beyond what came with their systems, just the basics.
One day, an employee errantly opened a PDF that seemed to be from someone internal. The PDF downloaded the malicious software, and the company was locked out of all of its systems. They later received an email stating that they would get their data back if they paid 15K in cryptocurrency.
The hackers kept threatening the company by repeatedly sending email demands. The company ultimately didn’t pay the hackers; however, they lost just as much money as the ransom, if not more. Consider the cost of their systems being down and the cost of the labor needed to strengthen their internal controls.
How Can Businesses Protect Themselves?
With the increase in ransomware attacks, it only makes sense to find ways to protect your organization. Here are a few risk management ideas.
Cybersecurity
Cybersecurity is crucial to protecting your business from a ransomware attack. This approach includes the protection of your information, data, hardware, and software from cyber threats. Cybersecurity also involves data security, operational security, physical security, as well as your business’ disaster recovery and business continuity plan.
Internal Processes and Procedures
Given the rise of ransomware attacks, internal processes and procedures are now more critical than ever. Most cyber insurance carriers ask for a supplemental ransomware application before they provide a quote for cyber insurance.
These applications ask specific questions about internal controls such as multi-factor authentication, off-site data backups, firewalls in place, encryption, etc. These internal controls limit a company’s exposure to ransomware, thus making the cyber carrier more comfortable taking on the risk.
Risk Assessments
If you’re wondering if your company could be susceptible to a ransomware attack, executing a cyber risk assessment of your systems will help give you the answer. A cyber risk assessment can help you identify and prioritize risk to your operation and risks resulting from the use of your information systems.
Furthermore, a cyber risk assessment will help your organization’s leaders make critical, informed decisions about the security in place and the need to add additional measures. The evaluation can help you decide the impact of a ransomware attack on your organization and what current systems are most vulnerable to such an attack.
Does Insurance Cover Ransomware Attacks?
In a word, yes! Ransomware (most commonly seen as “extortion” on cyber liability insurance policies) is covered by preferred cyber liability carriers. In almost all cases, ransomware is covered up to the total limit of the cyber policy.
Finding the right policy for your individual business can be time-consuming, but it’s worth considering one that will effectively protect your company against a statistically likely cyberattack. Consider ransomware protections as you’re researching the right policy for your business.