It’s every info-tech executive’s worst nightmare: A cybercriminal has encrypted files at your organization — threatening to leak or destroy the information if they don’t receive payment. That’s a sign you’ve been hit by a ransomware attack, caused by malicious software that holds the data in your system hostage.
Your IT department has every reason to worry. Ransomware is on the rise worldwide. These malware attacks in North America rose 104% year-over-year in 2021, according to research from cybersecurity company SonicWall. Ransomware rose 122% year-over-year in Asia and 175% year-over-year in Europe, the report found. U.S. President Joe Biden also cautioned businesses, warning that Russia may wage cyberattacks against the United States to retaliate against sanctions imposed during the war in Ukraine.
As attacks become more common, the cost to your organization will be steep. Global ransomware damage is expected to cost victims over $265 billion annually by 2031, according to cyber-economy researcher Cybersecurity Ventures.
So as the alarm bells sound, is your organization prepared? Our list of frequently asked questions is designed to help you assess your readiness.
What is a ransomware attack?
Ransomware is a type of malware that encrypts files on a device. This renders files and the systems that rely on them unusable, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The person or group behind the attack then demands ransom money in exchange for decryption. Malicious actors may threaten to release stolen data or publicly shame victims as a form of extortion. There isn’t a precise range for the ransoms and prices can vary from $70 to millions of dollars, depending on the size of the company. Payment is often requested in cryptocurrency.
“The way it looks in general, whether it’s for a large or small company…is that users or workers will not be able to access any data, or at least, the business’ most important data,” explains Matt Morris, managing director at technology firm 1898 & Co.
The consequences of a ransomware attack will vary by company and are often linked to the services a business provides. Many won’t be able to access their network, retrieve any files or make any transactions, thus rendering their whole system inoperable. Some others, like healthcare facilities, may see some of their services interrupted. That may include the inability to conduct MRIs or access the computer systems necessary for surgeries.
How does malware get on my computer?
Malware can infiltrate your company’s system in different ways. Commonly, employees encounter malware as unsafe email attachments or phishing emails that mimic messages from real businesses. Clicking on or downloading these files can infect your computer, and the malware can then spread through your company’s network. Unsecured or scammy websites may also host malware.
What does a ransomware message look like?
You enter your office, and it’s business as usual. You turn your computer on and nothing happens. The screen is still black…and then a message appears.
“Usually these messages will explain what has happened to your computer and ask for money or Bitcoin, and give a series of instructions as to how to send it,” Morris explains.
One famous ransomware attack in 2017 used the WannaCry virus to infect thousands of computers worldwide. WannaCry initiated a pop-up message that explained the infection, how to recover files and how to pay (complete with a convenient Bitcoin button).
“This is the usual scenario we encounter when it comes to messages in ransomware attacks, very direct and to the point,” says Morris.
Sometimes messages may redirect users to a link, where they will encounter the same payment demands, adds Peter Trinh, cybersecurity architect at information technology company TBI. A few hackers like to add dramatic flair by including pictures, like skulls and bones, as part of the message.
Should I just pay the ransom?
The answer depends on the situation. According to Morris, big companies may save money by agreeing to pay the ransom, instead of spending twice or three times more trying to fix whatever disruption the malware may have caused. “This affects, for example, supply chain companies, where a delay of a few weeks can cost the company much more than what the ransom is,” Morris says. However, even if the ransom is paid, nobody can guarantee that hackers will unlock the data or that they will not end up asking for more money.
“Sometimes what can happen is that these bad actors may not be entirely professional and not really know what they are doing, even if they do want to unencrypt all the data,” Morris says.
Is there any insurance that can cover ransomware attacks?
Yes, there are some general insurance companies that offer this service as part of their cyber-insurance coverage, including Hiscox, Chubb and CrowdStrike. Prices vary depending on the level of protection and the amount of the ransom the company is willing to cover. Regardless of your coverage needs, the price is rising. Over the last two years, many insurance companies have been hiking up their rates and slashing the amount they cover due to the large sums demanded by hackers.
What are your next steps if your company is targeted? Who should you call?
Time is crucial in a ransomware attack. “You have to contact your local FBI branch immediately and talk to their cyber-crimes department. They can help guide you as to what to do next,” Trinh says.
Next, experts also recommend calling your insurance to see if you have protection against ransomware. “Some do and may be able to help you recover some of the data, or even help pay the ransom, if that’s what you want,” Morris explains.
Both the insurance company and government agencies will provide you with next steps that should be followed carefully. Be sure to take a picture of the ransomware message on your screen to show to the authorities. You will also be instructed to turn your computer off and unplug it. This step should be done on every infected device to prevent the malware from spreading across your network.
If you have an action plan set up for a cyberattack, set it in motion and alert your IT department. The sooner you do, the faster you can stop the virus from spreading to other devices. If you do not have a plan in place, you can develop one using guidance from CISA or the National Institute of Standards and Technology.
What can companies do to prepare for ransomware attacks?
CEOs should first identify their critical assets, the data that is most crucial to the company. “Once you have identified it, then you build firewalls and antivirus around that data. You focus your protection efforts there,” Morris says. If a hacker wants to get into your system, they will eventually breach your security, Morris warns. However, these protections can make breaking in more difficult.
Because cyber threats aren’t usually on the top of the list for most CEOs, often critical data is left vulnerable. Financial constraints can also influence the level of protection afforded to a company’s data — not all businesses can afford to pay hefty insurance premiums for cybersecurity or hire consultants to set up deterrents.
CEOs can set up guidelines to protect their company by following the NIST manual, says Keshav Kamble, chief technology officer of cybersecurity company Avocado Systems. “You can create your own guidelines in order to prevent an attack, setting up protocols employees must follow, regular backups, and of course, guidelines everyone must follow in case the attack does happen,” Kamble explains.
Another way to minimize damage: frequent backups. “If you do regular backups of critical information, data and whatever is important to the organization, if you do get attacked you’ll still have your info,” says Colin Constable, cybersecurity expert and co-founder of The @ Company, which runs a platform to develop privacy-forward apps.
Backups allow you to avoid major losses and having to pay the ransom, though you’ll still need to clean all systems to expel the virus.
What companies are most at risk of being targeted?
No company is safe from ransomware threats. However, small companies have borne the brunt of the burden in recent years, precisely because they are usually less prepared for an attack. “Threat actors are generally going to go after targets that provide the greatest return on investment for their time and efforts,” Morris says, explaining that most small companies prefer to pay the ransom, which is usually a much smaller fee than for larger companies.
However, giant corporations are not exempt. Just last year, hackers carried out a devastating strike against oil transportation system Colonial Pipeline that resulted in the loss of tens of millions of dollars.
“When thinking about ransomware attacks, the question isn’t if it’s going to happen to your business, the question is when it’s going to happen, because eventually it will happen to you too, and you’ll need to be prepared,” says Constable.