What Are the Best Ways to Avoid Becoming a Victim of Ransomware?
Ransomware is one of the more dangerous forms of malware. It’s also been growing at an astonishing rate due to the fact that a majority of victims pay the ransom to their attackers.
In 2020, ransomware attack volume grew by 485%. Also going up were the cost to remediate an attack and the average ransom demand.
In the first half of 2021, there has been an 82% increase in the average ransom demand from attackers. It’s now more than CA $717,200. That doesn’t even factor in a company’s costs for technical remediation of the attack and the downtime they experience until they regain access to their data.
The prevalence of ransomware and increase in attacks means that a company in London, Ontario is more at risk of becoming a victim than they were just six months ago. If you don’t have the proper IT security protections in place, you could end up suffering a costly attack.
What’s causing ransomware to run rampant? Several factors are contributing to the rise of this type of malware.
Factors Causing the Increase in Ransomware Attacks
Victims Pay the Ransom
Ransomware has become a great business bet for hackers and large criminal groups. Over half of victims pay the ransom, which further emboldens the attackers.
Just one hit on a company can bring in hundreds of thousands of dollars, and even millions when it’s a larger organization
For example, early this year the world’s largest supplier of beef and pork, JBS, was hit with a major ransomware attack that closed plants in the US, Canada, and Australia for several days. The company paid the attackers $11 million in ransom to regain operations and avoid potential data leaks.
Ransomware as a Service
The profitability of ransomware attacks has led to a new service model being offered by criminal organizations and state-sponsored hacking groups called Ransomware as a Service (RaaS).
RaaS is modeled after Software as a Service (SaaS), and offers a ransomware attack package, with access to code, phishing emails, and even help desk support from other hackers. Novices can sign up for a low monthly fee and try their hand at a big ransomware score.
This has increased the number of attacks significantly.
Companies Aren’t Following Best Practices
So many companies get hit with ransomware and end up paying the ransom because they’re not following simple best practices for cybersecurity. Things like having a firewall, keeping systems backed up regularly, and training employees on phishing detection seem obvious, but many businesses try to handle IT security on their own and fail.
According to the Sophos 2021 Threat Report, “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks.”
Steer Clear of Ransomware Using These Best Practices
Keep Software & Endpoints Updated
Many strains of ransomware exploit vulnerabilities in software or operating system code. These types of attacks can be avoided by simply keeping systems properly updated.
It’s important to put a managed patch and update system in place so that all endpoints and cloud applications are having security patches applied in a timely manner.
Use Managed Backups & Test Restoration Regularly
A good number of ransomware attack victims that pay the ransom have a backup copy of their data. However, they’ve never tested the data restoration process, so pay the ransom because they think it might be faster than recovering their backup.
You should use managed backup so that you won’t have to worry about data not being captured properly. It’s also vital to test your backup restoration regularly and go through incident response drills to ensure your team is ready to recover data quickly if needed.
Keep Your Team Trained
Employees are the first line of defense against ransomware and other types of attacks because phishing is still the main tactic used to infect networks. Well-trained employees can significantly reduce your risk of falling victim to a ransomware attack.
Train employees regularly on things like:
- How to spot phishing emails
- What to do if they suspect a phishing email
- Password security best practices
- New types of phishing scams being used
- Social media and SMS phishing
Use Network Security with Zero-Trust Tactics
Having a firewall should be standard for any business, but you also need to be deploying zero-trust tactics to fight today’s malicious and sophisticated threats. For example, some forms of malware are “fileless” which means there is no actual malware code file for a standard antivirus to detect.
You want to use advanced network protection with zero-trust. This combination includes things like:
- Proactive threat hunting
- Multi-factor authentication
- DNS filtering
- Email spam/phishing filter
- Application safe-listing
- VPN for remote and mobile employees
- Network segmentation for remote employees
Don’t Become Another Ransomware Headline!
PartnerIT can help your Ontario business put strong and affordable zero-trust security measures in place that protect you from ransomware and other costly online attacks.
Contact us today to learn more at 519-672-0900 or through our website.