Ransomware is malware that typically demands payment in exchange for releasing files or computer systems hijacked by encryption.
While there are many different iterations of ransomware, the most basic form of the cyberattack involves these five steps:
- Infection: Ransomware is covertly downloaded and installed onto an unsuspecting device.
- Execution: Ransomware scans and maps locations for targeted file types to delete or encrypt.
- Encryption: Ransomware locks access to the data discovered in the Execution map.
- Extortion: A sum of money is demanded from the victim in exchange for the restoration of data.
- Decryption: This usually takes place after the victim pays the ransom. In some cases, data is not retrievable despite paying the ransom.
Repercussions of a ransomware attack
When a ransomware attack targets an organisation, most people assess the repercussions in terms of cost, including the ransoms, regulatory fines and liability expenses, which can be very significant. However, a ransomware attack causes other intangible negative impacts, including reputational damage from a successful cyberattack.
Data loss and a breach of privacy for customers are valid reasons for consumers to lose trust in a business, no matter how sophisticated the ransomware attack is. When consumers lose trust in the organisation, it can have serious consequences for the business. In some cases, depending on how sensitive the customer data breach is, customers may boycott or even sue the business. Business growth will also be impacted, with potential customers driven away by bad publicity. While larger businesses may be able to absorb a partial loss in customers or investors, smaller and medium-sized companies may not be able to recover.
Ransomware attacks often also result in some downtime, in the form of disruption to business operations, during and after an attack. This typically results in lost revenue and unproductive employees. Financial losses stemming from the disruption are often significant. Any disruption to retail, utilities, and critical infrastructure services can greatly inconvenience customers and even put them in danger.
Can your organisation keep up?
To mitigate the risk of ransomware, organisations, together with their employees, must put in place both preventative and responsive measures:
- Familiarise yourself with two-factor authentication (2FA) when securing a company device. 2FA is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting at least two instances of identification in the form of a password, SMS verification code or a phone call.
- Only download software from reputable sites approved by your organisation.
- Follow company protocol when it comes to identifying socially engineered phishing emails.
- Immediately contact IT if you encounter suspicious activity or malicious content on your device.
- Regularly back up sensitive data and store it on an external server if possible. This allows organisations to restore any lost information without having to negotiate with hackers.
- At a minimum, most devices the organisation provides should be protected by regular virus scans and moderate firewalls.
- Ensure that employees’ devices are updated to the latest operating system and that all installed applications are up-to-date with the latest security patches.
- Vulnerability scans should be carried out regularly to identify all known vulnerabilities, and the IT department should have a schedule to fix them as soon as possible.
- Activate web and email protection, such as popup blockers, to block employees’ access to malicious websites and use anti-virus software to scan all downloads.
- Limit the types of approved application installations on company devices to minimise the risk of malicious content getting onto the employees’ devices.
- Conduct cybersecurity awareness training across the organisation to keep all employees updated with the latest security protocols and threats to watch out for.