Colonial Pipeline, JBS… Why Is Ransomware Getting Worse?
It’s hard to turn on the news lately without hearing about cybersecurity. The recent ransomware attacks on Colonial Pipeline and global meat producer JBS have been a big wake-up call about the prevalence of ransomware and just how disruptive it has become.
One attack took advantage of an unused employee VPN account that did not have multi-factor authentication enabled. It led to a gas shortage across the East Coast and a nationwide increase in the cost of a gallon of gasoline.
In the case of JBS, impacts haven’t been felt yet, but the company is the world’s largest producer of beef and pork, so nearly a week-long shutdown of all its U.S. plants is bound to have a ripple impact seen by consumers.
Both attacks underscore the fact that ransomware has been getting worse over the last several years. This is born out by several statistics:
- In 2020, ransomware attacks skyrocketed by 485%.
- The cost to remediate a ransomware attack more than doubled over the last 12 months.
- The average ransomware payment increased 171% in 2020.
What’s causing ransomware cost and attack levels to overshadow other types of online threats? We’ll go through several contributing factors below and give you some tips on ransomware protection.
Factors Causing Ransomware to Become So Dangerous
Companies Are Paying the Ransom
Both Colonial Pipeline ($4.4 million) and JBS ($11 million) paid attackers the ransom demanded in Bitcoin to get their operations back up and running. They are in the majority, with 56% of ransomware victims on average paying the ransom.
Companies pay either because they don’t have a complete backup of their data in place or they have one but it will take too long to restore, so they opt for what they consider to be a faster and less costly solution.
Payment of the ransom by companies has made ransomware very lucrative, thus more hackers look to it to make money. This includes both individuals and large criminal organizations.
Ransomware Brings a Company Down for the Count
Ransomware is one of the most devastating types of malware. It encrypts a company’s data and spreads rapidly to other devices on a network, and even into syncing cloud storage services.
When hit with ransomware, most companies have their operations completely stopped, so they’re in an urgent situation. Doctor’s offices may not be able to access patient records, automated processes on a production line can be broken, and the list goes on.
Because it’s devastating and takes down operations so swiftly, victims are more apt to pay the ransom demand.
It’s Been Optimized by Criminal Organizations
When you can get $11 million from a single ransomware attack, that’s money that makes criminal organizations stand up and take notice. Many of them have moved into the cyberworld and ransomware.
They’ve also optimized ransomware delivery, reducing the time it takes attacks spread throughout a network. These organizations also have the capital and manpower to create elaborate hoax phishing sites designed to look like legitimate sites and fool users into giving up their login credentials.
Another tactic these organizations are using is to sell ransomware as a service, duplicating a model used by legitimate software companies. This one-to-many approach is one of the reasons for the rapid proliferation of ransomware.
What Should You Do To Avoid Becoming a Ransomware Victim?
Use a Reliable Backup and Recovery Solution
There are two important parts to being resilient if hit with a ransomware attack, the first is the backup and the second is the recovery. You don’t want to be stuck with a slow recovery process, like so many others that end up paying the ransom.
Make sure that all device data is being backed up daily and that your recovery process is fast, complete, and tested regularly in incident response drills.
Conduct Ongoing Employee Security Awareness Training
Ransomware often originates through phishing emails. These emails have become more sophisticated over the years and often spoof the sender’s email address to fool the recipient into believing the message is legitimate.
It’s important to keep employees well-trained on how to spot phishing, what to do if they suspect phishing, and how to keep their accounts and passwords secure.
Use Basic Cybersecurity Hygiene
In the case of Colonial Pipeline, their ransomware infection may have been completely avoided if they had only used the best practice of enabling multi-factor authentications (MFA) on all logins.
You’d be surprised just how many companies aren’t following good cybersecurity hygiene. They fall victim to completely avoidable attacks.
Here are some of the basics you should be following:
- Enable MFA on all employee logins
- Use a firewall with advanced threat protection
- Use spam and DNS filtering
- Ensure all employee devices (including mobile) use anti-malware software
- Keep all devices updated and patched
Are You Properly Protected from a Ransomware Attack?
GEEK911 can help your San Jose / Silicon Valley business ensure you have the basic safeguards in place to protect your company from a devastating ransomware attack.
Contact us today to schedule a consultation! Call 1-866-433-5411 or reach us online.