It’s impossible to check the news lately without hearing about ransomware. Recent attacks have disrupted the distribution of jet fuel and gasoline to the East Coast of the U.S. and halted production for the world’s largest meat supplier, according to The New York Times.
In the wake of these devastating assaults on vital infrastructure, Anne Neuberger, the deputy national security advisor for cyber and emerging technologies on the National Security Council, has issued an open letter to U.S. business leaders urging them to take immediate action to protect themselves against ransomware.
“All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” Neuberger wrote.
The Rise of Ransomware and Its Devastating Fallout
The first ransomware campaign – perpetrated by the evolutionary biologist Dr. Joseph Popp – involved floppy disks distributed by mail in 1989, according to a CSO article on the history of ransomware. In the decades since its birth, this type of malware has become one of the most widespread and well-known cybersecurity threats in the world.
A 2020 survey of 5,000 IT managers across 26 countries found that 51 percent of respondents reported getting hit by ransomware during the previous year, according to The State of Ransomware 2020 report from Sophos. Worldwide, the report states it costs $761,106 on average to remediate a ransomware attack, taking into account factors such as downtime, people time, lost opportunities, network- and device-associated costs, and ransom payments.
Colonial Pipeline Co. CEO Joseph Blount disclosed to the Wall Street Journal that his organization paid a ransom of $4.4 million. In response to another recent attack, the insurer CNA Financial handed over approximately $40 million to cybercriminals to decrypt the firm’s data, according to MSSP Alert.
The decision to pay the ransom is a controversial one, as the FBI discourages cooperating with criminals so as not to incentivize their behavior, according to The New Yorker. Still, victims facing extended downtime and the prospect of months of work to reconstruct their systems might feel that giving in to the hackers’ demands is the least damaging option. For instance, after refusing to pay a $50,000 ransom in 2018, the city of Atlanta subsequently spent upwards of $2 million on recovery efforts such as digital forensics and crisis-focused public relations, The New Yorker states.
However, in general, paying the ransom roughly doubles the overall average cost of bouncing back from a ransomware incident from $732,520 to $1.45 million, according to Sophos. The State of Ransomware 2020 report notes that “the costs to recover the data and get things back to normal are likely to be the same whether you get the data back from the criminals or from your backups. But if you pay the ransom, you’ve got another big cost on top.”
In the case of the Colonial Pipeline, the Department of Justice tracked down and recovered most of the ransom payment, according to CBS News. However, successful ransom recovery is rare, and it’s unlikely that the federal government will go to the same lengths for small businesses that experience similar cyberattacks.
Additionally, the ransom money is typically only a minor portion of the total costs of a ransomware incident. You need to account for network downtime, business interruption, reputation damage, lost customers, recovery expenses and so on. Companies that fall victim to ransomware infections can also face regulatory penalties (especially if sensitive data gets leaked in the process, as some hackers threaten to do if they don’t get their money).
SMBs and Ransomware: What Smaller Companies Can Do to Avoid Disaster
The recent spate of high-profile attacks has included not only the Colonial Pipeline and the meat supplier JBS but also the Steamship Authority of Massachusetts, Infosecurity states. On Tuesday, June 1, ransomware also struck the Tokyo headquarters of the multi-national conglomerate Fujifilm, according to TechCrunch.
Based on that list of targets and headlines about ransomware in general, you might think that hackers only go after big game to maximize their profits. However, small and midsize businesses (SMBs) don’t fly under the radar: In Sophos’s survey, 47 percent of organizations with 100 to 1,000 employees got hit by ransomware, compared to 54 percent of those with 1,001 to 5,000 staff members.
Hackers set their sights on SMBs just as commonly as they go after large enterprises. And if multi-national corporations with plenty of resources at their disposal to devote to cybersecurity are still getting hit, that speaks volumes about the severity of the situation for smaller organizations without as much access to advanced IT security solutions.
Fortunately, SMBs can reduce their risk of experiencing ransomware infections and other types of cyberattacks by working with a third-party managed security service provider (MSSP). For a fraction of the cost of maintaining an in-house security department, an MSSP can provide and manage advanced risk-reducing solutions:
- Network and endpoint managed detection and response (MDR)
- Security information and event management (SIEM)
- Routine security risk assessments
- Proactive monitoring and Security Operations Center as a Service (SOCaaS)
- Virtual on-demand CISO services
- Incident response services (malware detection, threat analysis, data breach notification, crisis handling guidance)
These solutions and services helped one of our clients rapidly recover from a ransomware infection that encrypted their servers. Although they weren’t a managed cybersecurity services client at the time, our Computer Security Incident Response Team (CSIRT) went on site and worked with the company’s IT staff to triage and clean up all affected machines.
You can read the full case study on our website, but ultimately we contained the ransomware, got them back up and running, and deployed proactive prevention and detection measures against future infections in only two and a half days.
In today’s climate of relentless ransomware attacks, you can’t afford to neglect cybersecurity. For more information about how to reduce your risk of becoming a victim and effectively respond to an attack if you get hit, feel free to reach out to our security analysts by calling 877-599-3999 or emailing firstname.lastname@example.org.