In our previous blog, we shared how Network Security can safeguard your business and know what type of malware attacks can harm our system. Cybercriminals use different types of malware to gain access to sensitive information, but one type of attack that seems rampant nowadays is Ransomware.
On the recent attacks, one of the largest insurance companies from France recently announced that a ransomware attack hit their four Asian subsidiaries (Thailand, Malaysia, Hong Kong, and the Philippines), which impacted their operations. The said attack had been affected corporate clients and individuals by gathering their records and personal information.
AXA announced that it will no longer write cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals and the suspension of the option in response to concerns raised by French justice and cybersecurity officials during a Senate roundtable in Paris about the devastating effects of ransomware.
“The word to get out today is that we don’t pay, and we won’t pay when it comes to ransomware,” cybercrime prosecutor Johanna Brousse said during the hearing.
According to the cybersecurity firm Emsisoft, only the United States surpassed France in ransomware damage to businesses, hospitals, schools, and local governments last year, with France’s total losses estimated at more than $5.5 billion.
When compared to the same period in 2020, the global rate of ransomware attacks has increased by 102 percent so far in 2021. According to a report, nefarious hackers are increasingly using Triple Extortion attempts to increase their profits. Taking the success of extortion, with a 171 percent increase in ransom payments, hackers are looking for ways to increase profits.
“Ransomware continues to be very costly for many businesses – the price you pay for not being prepared is on the rise,” Joseph Carson, chief security scientist, and Advisory CISO at ThycoticCentrify, says.
It only takes one employee to open a malicious email attachment to bring a company to its knees.
But what exactly is Ransomware? What is Triple Extortion?
Ransomware is one of the most serious security issues in the digital world, as well as one of the most serious forms of cybercrime that businesses face today. Ransomware is a type of malware that encrypts the files of the victim (Organization) which then demands a ransom in exchange for restoring access to their data.
Worse, if you are infected with file-encrypting ransomware, criminals will openly declare that they are holding your corporate data hostage until you pay a ransom. The ransom can range from a few hundred dollars to thousands of dollars, and they are paid via cryptocurrency or credit card.
Now, Triple Extortion is a new attack technique in which cybercriminals send ransom demands not only to the attacked organization but also to any users or other third parties who may be harmed because of the leaked dataWhich means, apart from your organization, attackers will also demand ransom from your partners, clients and anybody from the data they got from you.
How does Ransomware work?
There are several ways ransomware can gain access to a computer. One of the most common methods of delivery is phishing, which consists of attachments sent to the victim in the form of an email disguised as a file they should trust.
Once downloaded and opened, they can take over the victim’s computer, especially if they include social engineering tools that trick users into granting administrative access.
What is Phishing?
It is a method by which hackers trick you into providing your personal information or account data. The goal is to trick the email recipient into thinking the message is something they want or need, such as a request from their bank or a note from someone in their company.
Once your information has been obtained, hackers will create new user credentials or install malware into your system to steal sensitive data.
How to spot a Phishing email?
A phishing email is one of the most common types of cybercrime, but no matter how much we think we know about scam emails, somehow, we continue to fall for them. Email is used by hackers to trick us into providing personal information. They may attempt to steal your passwords, account numbers, or any other accounts associated with your name. If they obtain that information, they will be able to access all your accounts.
If you receive a suspicious email, be aware of the following messages:
- claim to have observed some suspicious activity or log-in attempts
- assert that there is a problem with your account or payment information
- Suppose you need to confirm some personal information.
- include a bogus invoice
- would like you to click a link to make a payment
- Suppose you are eligible to apply for a government refund.
- provide a coupon for free items
While this email appears to be genuine at first glance, it is not. Scammers who send emails like the one below have nothing to do with the companies they pose as.
Here is an example of a phishing email we have received. Do you notice any indications that it is a scam email? Let us take a closer look.
- Sender: An email was received by our server from an unknown sender pretending to be someone else. In this case, his name is IT Report. Notice that the content of the email seems to be from Office 365, yet the sender’s domain is wintelcorp.com.
- Message: The message begins with a generic greeting, “Hello.” If you have an account with the company, it is unlikely that it will use a generic greeting like this.
- Password: The sender asks us to update or confirm our password information.
- Sense of Urgency. Notice that the email seems to be urgent with the words “final notice”, “your password expires today”. This is a social engineering technique to trick you into taking action as soon as possible which leads you to click the links they provided but don’t fall for it!
- When clicked, it takes us to a completely similar-looking login page, but the link is different.
- The page appears to be a replication of our company’s Microsoft Office 365 login page. If you are someone who does not verify links before clicking, and if you are in a hurry to change your password because it is said to expire today, then you might fall for this. That is why you need to be vigilant!
This is a great example of social engineering; the hackers even went so far as to replicate the Office 365 login page via email. Once you click phishing emails like this, you risk your company’s security.
Thus, take note of the red flags we noted above!
How does ransomware impact your company?
Simply put, ransomware has the potential to destroy your business. Even a single day of being locked out of your files by malware will have a huge impact on your revenue.
Resulting in negative consequences such as:
- Loss of sensitive information
This type of impact can disrupt business operations and is devastating for both employees and clients. Encrypted data can either be temporal or permanent.
- Operational disruption
Ransomware attackers target your sensitive data to catch your attention. When your business is hit with ransomware, it is not just your finance is being sacrificed, but also the time that you spent on finding a solution to get back your data or your system.
- Monetary loss
The main goal of the Ransomware attack is to extract money from the victims. Attackers will demand a ransom to decrypt your hacked data and sometimes will demand a time for the payment.
- Reputational damage
A ransomware attack harms an organization in a variety of ways, ranging from preventing it from fully operating for weeks to causing customer loss and potential reputational damage.
Given that the systems have been down for so long, not only due to ransomware but also due to the time and effort required to clean up and restore the networks.
Who are the primary targets of ransomware?
Attackers choose which organizations to target with ransomware in a variety of ways. Sometimes it is a matter of timing. Small and medium-sized businesses are popular targets due to their lower cybersecurity than large corporations. Despite this, many SMEs believe they are too small to be targeted – but even a smaller ransom of a few hundred dollars is extremely profitable for cybercriminals.
On the other hand, some organizations appear to be more appealing targets because they are more likely to pay a ransom quickly. Government agencies and medical facilities, for example, frequently require immediate access to their file with sensitive data. Moreover, they are willing to pay a high price to regain access to their data.
How much will ransomware cost your company?
According to a new report, the average cost for businesses to recover from a ransomware attack has more than doubled in the last year, from $761,106 in 2020 to $1.85 million in 2021. These costs include the ransom, as well as downtime, employee time, device costs, network costs, missed opportunities, and other financial losses. Ransomware is a multibillion-dollar industry, and the market has grown rapidly since its first detection.
In 2021, the average ransom paid was $170,404. The highest payment received by those polled was $3.2 million, with $10,000 being the most common. According to the findings, 10 organizations paid ransoms of $1 million or more. The percentage of organizations that paid the ransom increased from 26% in 2020 to 32% in 2021.
However, there is no guarantee if cybercriminals will encrypt your files back after paying the ransom. Moreover, after receiving the ransom payment, hackers restored only 65 percent of the encrypted data. But how can you protect your business away from this type of incident?
How can you protect your business from ransomware?
When it comes to ransomware protection, prevention is preferable to cure. To accomplish this, vigilance and the proper security software are required.
You must always be prepared to be attacked. Follow these steps to avoid ransomware and mitigate the damage if you are attacked:
- Back up your data.
Back up your files regularly. This will not prevent a malware attack, but it will make the damage caused by one much less severe. Furthermore, if you do become infected with ransomware, you can wipe your computer or device clean and reinstall your files from backup.
- Patch and update your software.
Maintain a patched and up-to-date operating system to ensure you have fewer vulnerabilities to exploit, it significantly reduces the number of exploitable entry points available to an attacker, as flaw patches are typically included in each update.
- Educate your end-users.
Keep up to date on the most recent ransomware threats so you know what to look out for. End users will be one step ahead of cybercriminals if they learn how to identify the threats and implement necessary countermeasures.
- Invest in good cybersecurity technology.
Invest in next-generation antivirus software that detects malicious programs such as ransomware that responds, and remediation capabilities across your network and preventing unauthorized applications from running in the first place.
Ransomware attacks have already caused devastating outcomes to many companies around the world. Never assume that your company can be exempted in any way because, in ransomware, anybody can be a target. Stay ahead of the game by constantly educating your workforce, performing regular backups, and establishing a strong cybersecurity strategy for your company.
Do you need assistance? Speak with one of our experts to get started on your digital transformation. Please contact us right away!
Data Connect Technologies Pte Ltd is a dynamic ICT and Services Provider with over 18 years of experience in providing excellent IT support to companies all over Singapore.
Data Connect Technologies Pte Ltd is a Gold Partner of Microsoft and has recently been recognized as one of Singapore’s Fastest Growing Companies 2021.