Ransomware is not new, but it has continued to be one of the biggest challenges for every kind of organization in recent years. There were a total of 308 million ransomware attacks in 2020, a 62 percent increase from 2019. At the same time, ransom payments are also increasing. In the first quarter of 2021, the average ransom payment was over $220,000.
The rise clearly shows us that cybercriminals are doubling down on ransomware as a means of extorting money. Because of this great interest, there are many types of attack vectors for ransomware. Remote desktop protocol, phishing emails, and software vulnerabilities are the top three of them. By using these vectors, criminals have deployed many attacks including some well-known examples such as Locky, WannaCry, Ryuk, Bad Rabbit, CryptoLocker, Petya, and GoldenEye. The list goes on.
There are also some attacks that directly target specific organizations to compromise their supply chain for ransomware. Kaseya, which develops software for managing networks, systems, and information technology infrastructure, was one of the latest victims. Although they shut down their SaaS servers to ensure the protection of more than 36,000 customers as soon as they detected the attack, some customers were already seeing ransom demands.
Traditional cybersecurity approach
The traditional cybersecurity approach, putting the walls between your organization and criminals, is no longer sufficient or capable of ensuring 100% breach protection. Having the best solutions or tools in the market cannot guarantee absolute security. An incautious employee or a breached supplier can quickly turn you into a victim. It means we all can be victims of a ransomware attack in the future.
Since there is no absolute security, we have to focus on what we will do in case of an attack. Victims of ransomware attacks have two options. They can either pay the ransom and try to take their data back or they can respond and try to recover if they have a well-prepared plan. To sum it up, pay or plan.
Pay or plan?
The first option is paying the ransom. In some circumstances, this option may seem like the best one to avoid catastrophic consequences. Companies that consider it an easy swap and expect to get their data back after the payment are increasingly choosing to pay the ransom. More than half (56%) of the victims paid the ransom to restore access to their data in 2020. But this doesn’t mean that they succeeded: whether they paid or not, only 29% of victims were able to restore all their encrypted or blocked files following an attack. From this point of view, the easy option is not that easy.
The second option is following the conventional recommendation and not paying the ransom. It is clear that we are not immune to ransomware and in case of an attack, even paying the ransom may not save us. In order to survive without paying, we have to build a strong and resilient security posture. Building cyber resilience is about preparing for, responding to, and recovering from cyber-attacks. It helps organizations limit the severity of attacks and ensure their survival functions. Responding and recovering requires realistic planning.
Incident response management
A solid incident response plan is the key to limiting the damage and recovering. It gives organizations an advantage in the fight against time, which becomes the most limited resource the moment a threat is detected. Studies show that organizations with clearly defined steps and responsibilities and tested response plans respond faster. According to Mimecast’s The State of Email Security Report 2020, 31% of organizations experienced data loss due to a lack of cyber resilience preparedness.
Considering that we are all potential victims of ransomware, we have to be ready for it. Under some circumstances, we may have to pay the ransom. But even then, we need solid planning regardless of payment. Planning gives us a chance to respond and recover. Without a plan, we have no choice but to pay the ransom, not knowing whether we can fully recover.