Ransomware first emerged in 1989 and after its initial introduction, largely disappeared for many years. Fundamentally, ransomware attackers launch some type of malware that takes an organization’s data and encrypts it. The attackers then charge a monetary amount to get the decryption key that enables the retention of the data and files. Essentially your data is taken hostage, and you have to pay a ransom to get it back.
This model has become particularly valuable to attackers in recent years because even if your data is not important to anyone else, or profitable to sell, it is likely very important to you and your business. Modern cyber criminals know that data is key to business continuity. In the medical field, no doctor or surgeon is able to move forward with treating patients without access to their charts and medical history. If a manufacturing company is unable to access its files, plants and production lines all grind to a halt. Every organization has individualized data and tools that are critical to its success.
In this article, Security Awareness Advocate Erich Kron shares his perspective on the evolution of ransomware and how organizations can protect against modern attacks.
As any cybersecurity professional knows, ransomware has evolved in recent years. Security Awareness Advocate Erich Kron has seen the shift organizations have had to make to protect themselves from modern cyber-attacks that capitalize on current events like the pandemic. The evolution has elevated ransomware to a much more sinister, harmful threat than when it first emerged.
The human aspect of ransomware and protecting against it has been largely overlooked for many years. Recently, industries are beginning to understand the importance of the human element and a person’s ability to defend themselves against security threats. According to Sophos, the average ransom paid during an attack is more than $170,000 with total costs to the organization climbing to nearly $2 million. As attackers expand their ability to monetize with ‘Ransomware as a Service model, empowering individuals with the knowledge to recognize and stop a ransomware attack will be critical to protecting your business.
According to Kron, if you aren’t actively preparing for a ransomware attack you are setting yourself up for disaster. Since attackers have recognized that data does not have to be valuable to anyone but the business, the size or type of organization is no longer relevant. Every company needs to be vigilant in protecting its files and data.
To effectively protect yourself against ransomware, implement a layered defense to ward off attempted attacks. There is no one ‘silver bullet’ one-stop solution that will guarantee safety. Instead, create a foundation of protection that starts with building training and awareness within the organization.