In 2021, ransomware attacks hit businesses across the globe at an unprecedented ferocity. These attacks have reached the point where the American government has been regularly weighing in and the Department of Justice is now treating Ransomware as an act of terrorism.
While most news stories focus on attacks on large businesses that causes global mayhem, it is important to remember that ransomware can and will impact businesses of all sizes. In fact, at least one SMB will suffer a ransomware attack every 14 seconds.
What is a Ransomware Attack?
Ransomware is a form of malware, or malicious program, that encrypts and locks the victim’s files. The attacker then promises to “release” those locked files for a fee, or ransom. Once the victim pays the ransom, which is usually paid through the untraceable cryptocurrency Bitcoin, the attacker will send decryption keys to unlock the locked files.
This form of cybercrime is lucrative for cybercriminals since businesses will often panic and pay the ransom to get back to work, as the cost of the ransom is often minor compared to any extended period of downtime.
Furthermore, ransomware gangs are sophisticated, and often operate similarly to a well funded and organized business. For example, the Russian hacking group, REvil, essentially acts as a “hacking supplier,” providing ransomware services and other hacking tools to third party cybercriminals.
How Does a Ransomware Attack Start?
According to a 2021 statement by the Cybersecurity & Infrastructure Security Agency, the most popular method for carrying out a ransomware attack is through email phishing campaigns. Phishing is a form of social engineering where an attacker attempts to trick someone into opening and interacting with a fraudulent email. Phishing emails can lead to ransomware inadvertently being installed on the targeted system, or the attacker tricking the victim to reveal their private login credentials.
Phishing emails are designed to look like a legitimate email, such as a request from your manager to review a file, a popular online service such as Amazon or Netflix, or a threatening request demanding that you take certain action or face legal consequences. In any of these scenarios, once the potential victim interacts with the email by opening a file, clicking a link, or filing out information on a fake login page, trouble may soon ensue.
Ransomware Attacks in 2021
Although we are only slightly past the midway mark for 2021, this year has already proven to be filled with ransomware drama. Below are several high-profile ransomware attacks that have happened so far in 2021.
March 2021 Ransomware Attack – CNA Financial Corp.
Finance organizations such as insurance companies and banks are often high targets for ransomware as there is more to gain by locking out critical systems relating to people’s finances. Earlier this year, hackers targeted CNA Financial, one of the largest insurance companies in the U.S., with a ransomware attack that locked employees out of their network for almost two weeks. In the end, CNA opted to pay the record setting $40 million dollar ransom to the cyber hijackers.
May 2021 Ransomware Attack – Colonial Pipeline
Perhaps one of the more alarming ransomware attacks to date, the gasoline distribution giant Colonial Pipeline experienced an attack in May that nearly caused a global panic. Fearing a gas shortage, residents across the southern United States flocked to the pumps to collect as much gas as possible, which only further exasperated the threat of a gas shortage. This inevitably led to cancelled flights, gas station closures and a nationwide spike in gas prices.
This attack not only caused Colonial Pipeline millions of dollars, but it also brought up several concerns about their security processes, as the entire attack begin with one single compromised account that should have been deactivated.
July 2021 Ransomware Attack – Kaseya
To date, the July Kaseya ransomware attack is the most widespread global attack ever carried out. Kaseya, who provides monitoring and management services to IT Service Providers, was hit by an attack that spread throughout their systems and then to their client’s systems. This cause major outages across the world and a major headache for the technology provider.
How Can You Prevent Ransomware Attacks?
Ransomware truly can impact any organization, so it is important to have a plan in place to prevent or respond to a ransomware attack. Below are several ransomware preparedness steps you should implement:
- Have Solid Cloud Backups – Ransomware locks files on your systems. However, if you have good backups in place, you can simply restore the file from a backup and move on. It is important that you have a copy of your backup offsite, as it is possible for onsite backups to becomes infected as well.
- Implement a Patching Schedule – Updating your servers and devices is critical for your overall security plan. Updates and patches often include security updates, which includes fixes for newly discovered vulnerabilities.
- Security Awareness Training – Your employees are both your first and last line of defense. Make sure that your employees know how to identify a phishing email and other common social engineering techniques. Check out our blog on Security Awareness Training for more information.
- Get a Cyber Insurance Policy - Cyber security insurance is becomes much more mainstream. Cyber insurance can help you rebound quickly in the event of a major security incident.
- Get Help – Security is not an easy task. Partnering with a mature IT Service Provider can reduce your overall security risk and keep your employees connected and protected.
Looking for more information? Check out our Cybersecurity blog post for some quick wins for your team.