Federal law enforcement officials and cybersecurity experts agree that organizations targeted by ransomware shouldn’t pay their attackers. In its 2020 ransomware guide, the Cybersecurity and Infrastructure Security Agency says that paying ransoms doesn’t guarantee that your data will be decrypted or that your system is not still compromised.
A new ransomware report from Cybereason offers another reason. A survey of more than 1,400 cybersecurity professionals found that 80 percent of organizations that paid a ransom demand after a successful cyberattack experienced a second attack, sometimes less than a month later, in which the attacker demanded a higher ransom amount.
‘Biggest Global Threat’
Public and private cybersecurity analysts have issued warnings for years about the escalating threat of ransomware attacks. Those warnings grew even louder earlier this week. Lindy Cameron, head of the UK’s National Cyber Security Centre, identified ransomware as the single biggest global threat we face right now.
“Ransomware attacks strike hard and fast. They are evolving rapidly, they are all-pervasive, they’re increasingly offered by gangs as a service, lowering the bar for entry into cyber crime,” Cameron said in a speech during the Tel Aviv Cyber Week. She added that such attacks increasingly “have the potential to affect our societies and economies significantly.”
Follow-On Effects of Ransomware
Cyberattacks don’t merely carry a financial cost for organizations and businesses. They can pose existential threats. The Cybereason report found that a third of all businesses surveyed said they were forced to suspend operations temporarily or permanently in the wake of attacks.
For those companies that didn’t close their doors, successful attacks led to layoffs and resignations. Nearly 40% of organizations had to let staff go following an attack. Another 35% said ransomware attacks led to resignations among corporate officers.
No Room for Complacency
NCSC initiatives have made recent progress in eliminating specific threats. Lindy Cameron told the Tel Aviv Cyber Week audience that UK initiatives such as the Takedown Project in 2021 and the Suspicious Email Reporting Service have saved hundreds of millions of dollars.
Organizations across the world, including the Cybersecurity and Infrastructure Security Agency in the U.S., have devoted increased resources to the problem of ransomware. And yet, the risk of attacks continues to escalate.
The Internet Security Report published earlier this week by cybersecurity firm WatchGuard found a sharp rise in the volume of ransomware attacks. Q1 ransomware incidents in 2022 hit 2,365, according to the report – well more than three times the number in Q1 of 2021.
Identify Your Vulnerabilities
No business or organization is immune from cybersecurity threats. Ransomware gangs target any entity from which they think they can extract valuable information or succeed in extorting a ransom payment.
Government watchdogs and law enforcement agencies have provided guidelines to limit an organization’s vulnerability to attack. These include maintaining offline encrypted backups of all critical data and hardening endpoint security organization-wide.
The SecureDrive® Solution
The data security specialists at SecureData understand how critical it is to protect backup systems from lateral infection by ransomware and other types of malware. They’ve built a suite of tools that give organizations maximum control over critical data at rest and in transit.