Ransomware is one of the most prevalent threats an organization may face, regardless of their size or industry. Recent trends and cybersecurity statistics show a dramatic increase in ransomware attacks in 2020, with the health care industry sustaining the highest number of attacks, according to a new research from Check Point. While many organizations have implemented security measures to minimize ransomware, cybercriminals continue to explore new and different methods to infiltrate into the organization’s network and cause damage in exchange for money. Organizations without the right tools and technology to prevent, detect, and respond to ransomware attacks may face increased risk as these attacks become more sophisticated.   

For organizations that have dealt with a ransomware attack, the journey to full recovery may be lengthy. Ransomware attacks have greater consequences than the costs of remediation or implementation of new technologies. Perhaps the most significant of all is the loss of consumer trust following a cyberattack, especially if the attack resulted in the breach of personal data. In this blog, we take a deeper dive into ransomware and the many facets of an organization that it can affect, as well as organizational best practices to reduce risk and help prevent a ransomware attack from having a devastating impact.

Defining Ransomware and Its Impact

Ransom malware, often referred to as “ransomware” for short, is a type of malware that locks users out of their system or personal files by way of encryption and demands a ransom payment before access is restored. While forms of ransomware have existed since the 1980s, the rise of cryptocurrency and its lack of clear traceability has caused ransomware to undergo a historic rise in popularity within the last decade. As with other types of malware, it can be acquired through various means such as opening an infected document, clicking an infected link, plugging an infected flash drive into the system, and other methods. Varieties of ransomware have grown far more advanced in their means of spreading, infecting, evading detection, encrypting, and even providing multiple payment techniques. Some of the more popular recent forms of ransomware include:  

• CryptoLocker, which helped to usher in the new age of ransomware starting in 2013.

• SimpleLocker, which was the first widespread ransomware attack focused on mobile devices.

• WannaCry, one of the most notorious versions ever distributed when it was developed using information stolen from the National Security Agency (NSA).

In October 2020, the Federal Bureau of Investigation (FBI) issued a warning to U.S. hospitals and health care providers of a new wave of cyberattacks. Most recently, Universal Health Services, one of the largest US health systems, had a ransomware attack that affected all of its US care sites and hospitals. When it comes to cyberattacks, the consequences of an attack vary depending on the organization. For a health care organization, cyberattacks are devastating because of the critical nature of their operations. These organizations cannot afford to have their systems down while the attack is under investigation. Given the inability to experience downtime, the affected organization will often agree to pay the ransom to restore normal business procedures as quickly as possible. Health care organizations are especially liable to ransomware incidents as attackers will specifically target them knowing they have a higher probability of paying the ransom. For this reason, any healthcare provider and other non-healthcare organizations should take extra care to prevent the likelihood of an attack and increase measures that allow for normal business operations to occur even after a successful attack.

Reducing the Risk

Mitigating the risk of a ransomware attack should be top priority for all organizations. The following are various measures an organization can undertake to reduce the likelihood and impact of a successful ransomware attack:

1. Increase Employee Awareness: Educating employees is one of the most effective methods to minimize the threat of an attack. Employees should be given guidance on how to detect suspicious emails and report them within the organization. Training should provide specific scenarios and examples that the employees understand and can relate to in their day-to-day functions. For instance, never opening documents from unknown sources, using un-approved removable media devices, or clicking untrusted links that may take them to fraudulent websites. Employees should be able to recognize a phishing email or when social engineering is being used in an attempt to ascertain sensitive information. While it is hard to predict when an organization may be hit, a well-trained employee can help reduce the risk.
2. Perform Risk Assessments: One of the best ways to prepare for an attack is to regularly perform risk assessments to help identify, manage, and safeguard information and assets that could be vulnerable to a cyberattack. This analysis will allow organizations to clearly identify the organization’s systems and resources, identify potential threats, determine the level of risk posed to the organization, and implement the right controls that help reduce the risk of an attack. The proper protection of these systems and assets can mitigate the impact an attack has on an organization and the following recovery effort. Proper preparation is key for ransomware attacks and understanding the effectiveness of the security controls in place. Organizations should view risk assessments as an on-going effort and not a one-time initiative.
3. Perform Regular Data Backups: Performing backups is critical to responding to a ransomware attack; however, many organizations find that their backups are also impacted in a ransomware attack. Having secure, on-demand backups will ensure that acceptable copies of data can be restored if the ransomware attack makes production copies unusable. Based on your risk assessment and business continuity planning efforts, backup solutions should offer redundancy and strong access controls. Organizations may find that certain needs require physical backups media that are completely disconnected from systems to protect against worst-case scenarios. It is also critical that backups are tested on a regular basis to ensure that data can be recovered in a timeframe that meets your needs.

Conclusion

Preventing or reducing the impact of a ransomware continues to be a top priority for security professionals. With the threat of ransomware increasing, it is crucial to implement controls, technologies, and mechanisms to protect the availability and integrity of data. Although complex tools and solutions may be used to protect against these threats, certain core governance controls offer significant risk mitigation when instituted. This includes performing routine and consistent backups, risk assessments, and employee training. When these initiatives are a critical part of an organization’s cybersecurity strategy, ransomware attacks and resulting financial losses can be mitigated.