Ransomware operates primarily by encrypting files on the victim’s infected system, rendering them inaccessible to the user. The attacker then demands a ransom, often payable in cryptocurrencies like Bitcoin.
A recent survey from Zscaler shows that there has been a huge surge in ransomware activity, and this year is projected to be a record year for ransom payments.
Ransomware typically affects organizations that rely on immediate access to critical data, such as hospitals and municipal agencies.
Why the surge in ransomware activities?
This surge is largely attributed to a strategy known as “big game hunting,” where cybercriminals target fewer but more significant entities, extracting much larger sums than before. The largest ransom ever recorded is a staggering $75 million payment made to a ransomware group called Dark Angels by a Fortune 50 company.
Victims of ransomware attacks often face a difficult decision of whether to pay the ransom to regain access, or risk permanent data loss. If the ransom is not paid, attackers may threaten to destroy or leak sensitive data publicly. While paying a ransom may seem like the quickest way to recover data, it is generally discouraged as it perpetuates the cycle of cybercrime.
Many organizations opt to negotiate with attackers through third-party incident responders or cyber insurance firms, often using cryptocurrency for payments. However, paying does not guarantee recovery, and there is always a risk of future attacks or data exposure.
Also, normalizing the payment of ransoms leads to an exponential increase in ransom demands. Just last year, most attackers demanded less than $200,000, but by June of this year, the average ransom demand had increased to approximately $1.5 million.
Refusing to pay a ransom sends a message against the profitability of cybercrime. However, organizations must be prepared for the potential fallout, including the possibility of data leaks. Experts recommend contacting cybersecurity professionals to assess the situation and determine the best course of action, including evaluating backup options and the potential impact of data exposure.
“Recently, ransomware has become the greatest cyber threat to organizations. It keeps spreading and targeting various businesses, from hospitals to oil pipelines, to capitalize on the fear of operation disruption and data loss,” says Vakaris Noreika, head of product for NordStellar. “To pay or not to pay a ransom is the hardest question companies struck by cyber extortion must answer as they face the prospect of permanently losing access to their information.”
“Companies that agree to pay a ransom shouldn’t be victim-blamed as they surely went through a big moral dilemma, and surrendering to threat actors must have been the last resort to restore their business and protect their client’s reputation,” Vakaris Noreika added.
However, organizations can mitigate ransomware attacks by implementing several cybersecurity measures.
One of the most fundamental steps is to use antivirus software and firewalls to protect every device and network within the organization. This helps prevent malware infections that can lead to ransomware attacks.
Additionally, it is crucial to keep all systems up-to-date with the latest software patches and updates, as cybercriminals often exploit known vulnerabilities in outdated software. Employee training is another critical component of a comprehensive ransomware defense strategy. By educating staff on how to recognize and avoid phishing attempts, organizations can significantly reduce the risk of unauthorized access to their systems and networks.
Regular backups of important data are also essential, ensuring that organizations can restore their systems and data in the event of an attack. Encryption is another powerful tool in the fight against ransomware. By encrypting sensitive information, organizations can protect their data from unauthorized access, even if it is stolen during an attack.
Finally, in the unfortunate event of a ransomware attack, organizations must cooperate with law enforcement and cybersecurity experts. By reporting the incident and sharing information, organizations can help authorities track down and prosecute the perpetrators, while also receiving guidance on how to mitigate the damage and prevent future attacks.