Gaidar Magdanurov is the Chief Success Officer at Acronis.
Ransomware attacks are a real threat facing everyone, from large enterprises to small businesses to home users with little to no professional or government involvement. It’s almost inevitable that all business owners will encounter a ransomware attack at some point in their professional career, with at least 53% of businesses being open to a supply chain attack, according to my company’s research. One study found that Covid-19 saw a 521% increase in malicious emails between October 2021 and January 2022, boosted by the saturation of remote workers and the need for remote services.
Businesses must act. It’s not enough to hope your IT team is capable of preventing any potential attack. Delaying action only leaves organizations vulnerable to attacks that otherwise could have been prevented or, at the very least, reduced to minor damages. Coveware reported that the average ransomware attack payment was $136,576 in Q2 2021, a number too high for many businesses to afford, especially with the pandemic severely affecting profits in several industries.
So, what happens when there is a ransomware attack on a business?
Even if it feels like you did absolutely everything right, ransomware attacks can hit—sometimes at what seems to be the worst possible moment for you, financially or reputationally. Unfortunately, for critical data, businesses might feel like they have no choice but to pay the ransom if business operations are severely hindered by the attack. It’s important, however, for every organization to assume that the data won’t be decrypted even after the payment or that the data might be corrupt. Payment also doesn’t necessarily mean everything will go back to normal. After all, these are cyberattackers with no regard for the law or their victims. Data decryption also takes time, which adds a risk of the data being corrupted by the time it’s accessible to the appropriate hands.
Additionally, paying ransom acts as positive reinforcement for criminals, motivating them to attack additional infrastructures and seek out further victims. For the attackers, risks are low, rewards are high, cost of attack is usually negligible. So, it is usually a better option if there is an opportunity to avoid paying the ransom and cut the losses. Quite often, the recovery cost may be comparable with the criminals’ demands, and then it is a no-brainer, taking into consideration the risk that paying the ransom will not help bring the data back.
As the chief success officer at a company that provides cybersecurity solutions, I’ve found that there is one extremely important step many businesses don’t consider after the attack. It’s critical to investigate the source of the ransomware attack and address the issue. If it’s an employee clicking on a risky link, train your employees better in identifying phishing attacks and remind them to keep a safe password that only they know, such as a passphrase. Invest in two-factor authorization software for all devices and employees. Update all your software and hardware regularly, and improve your cyber security infrastructure to keep up with the evolving blows attackers throw your way. Also, configuring your network regularly can intercept malicious traffic and make it harder for criminals to target your organization. If there are gaps in security, they should be addressed. Every security incident is an opportunity to learn more about the vulnerabilities of the infrastructure and improve the security posture. Security is a process, a process of constant improvement, tests and validation.
Ensure your company has several reliable backup solutions in place. A ransomware attack can switch from being a devastating blow to a mild inconvenience for businesses with the right backup solutions installed. Good backup should provide built-in security, the ability to patch the systems on restore to prevent reinfection and the ability to provide digital forensics to investigators. As mentioned before, each attack is a source of learning for future improvement, but to learn, you need the data. Forensics can also help to bring the criminals to justice, but without a copy of the data, I’ve observed that it is rarely possible to conduct a thorough investigation.
All of these steps combined can greatly reduce the risk of an incoming ransomware attack while ensuring your business won’t suffer greatly if one slips through the cracks despite your best efforts.
Ultimately, cyberattacks will never go away. Criminals are intelligent and able to adapt, no matter how quickly cyber protection companies act and release new software and updates. The best course of action is to take preventative measures with antivirus, vulnerability assessment and patch management software, and make sure to have a solid backup in place. Mitigating damage to a minimum is a realistic and tangible goal with the right cyber protection solution.