Halfway through 2021, ransomware attacks are on the rise, and more companies are publicly disclosing the incidents. In addition to the nationally reported Colonial Pipeline attack, which temporarily shut down gas deliveries on the East Coast and sparked panic buying, many other high-profile attacks occurred, targeting both private companies and public agencies.
Also making headlines this year were attacks on firewall vendor Accellion, IoT solutions provider Sierra Wireless, Microsoft, multinational electronics corporation Acer, laptop manufacturer and Apple business partner Quanta Computer, and the Washington, D.C., Police Department. What’s notable about several of these attacks is that they didn’t just affect one company or agency—hackers exploited vulnerabilities in tools used by many businesses and government organizations to extort multiple victims.
For example, the Accellion breach targeted the company’s File Transfer Appliance (FTA), a tool used to move large and sensitive files within a network. Publicly known victims included grocery chain Kroger, law firm Jones Day, the state of Washington, and the University of Colorado, among others. Likewise, the email server attack by Chinese hacking group Hafnium that exploited Microsoft Exchange Server flaws is estimated to have compromised at least 30,000 organizations.
If this is giving you the idea that everyone is potentially at risk from a ransomware attack, you’re on the right track. If it’s making you think that you’re unlikely to be the primary target of such an attack if you’re a smaller company, you’re wrong.
Not Too Small to Be at Risk
The reality is that hackers also target smaller organizations because they aren’t likely to have the staff, technology, or expertise to work around having data held hostage. For example, the Fresno Council of Governments, an organization with fewer than 25 employees, was hit in September 2019 by a group demanding only one Bitcoin (about $8,000) in ransom.
Bitcoin is a favorite ransom demand among hackers because you don’t have to provide personal information to have a Bitcoin account, and the transactions aren’t routed through traditional banks. While Bitcoin transactions are traceable, in practice they are notoriously hard to connect to an individual. Although the U.S. government was able to recover some of the funds paid out in the Colonial Pipeline hack, private companies shouldn’t count on the authorities riding to their rescue. If you end up having to pay a Bitcoin ransom, don’t count on getting any of it back.
What Companies Need to Know
If you are attacked: The first step is to evaluate the quality of your backups to see if and how your company can recover from the loss of data. If you can’t recover via backups, then you need to determine the cost to reproduce or recreate the lost data. If neither of these turns out to be a viable option, then you need to consider actually paying the ransom.
However, before you pay anything, contact a cybersecurity firm. It may be possible to remove the ransomware and restore your files without paying the hackers. After all, paying a ransom to criminals is no guarantee they’ll keep their word and restore your access. It should only be a last resort.
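The first step above, checking whether your backups can actually bring you back, is easiest to answer before an incident, with a routine that reads a manifest written at backup time, re-hashes every file in the backup copy, flags anything missing, corrupt, or older than your recovery-point objective, and performs a test restore into a clean directory. The following Python script is an added example, not code from the original post or from any vendor's product; the manifest format, the `max_age_seconds` parameter, and the sample files it builds in a temporary directory are all constructed for the demonstration.

```python
"""Added example: verify that a backup copy is complete, intact, fresh, and
restorable, the question a company must answer before deciding whether it can
recover from a ransomware incident without paying."""
import hashlib
import json
import os
import shutil
import tempfile
import time
from dataclasses import dataclass, field
from pathlib import Path


@dataclass
class VerifyReport:
    checked: int = 0
    missing: list = field(default_factory=list)   # files listed in the manifest but absent
    corrupt: list = field(default_factory=list)   # files present but with a different hash
    stale: bool = False                           # manifest older than the allowed age
    restore_ok: bool = False                      # test restore reproduced the expected content

    @property
    def recoverable(self) -> bool:
        return not self.missing and not self.corrupt and not self.stale and self.restore_ok


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(source: Path, manifest: Path) -> dict:
    """Record relative path -> sha256 for every file under `source` at backup time.
    (Constructed manifest format: {"created": <epoch>, "files": {...}}.)"""
    entries = {p.relative_to(source).as_posix(): sha256_of(p)
               for p in source.rglob("*") if p.is_file()}
    manifest.write_text(json.dumps({"created": time.time(), "files": entries}))
    return entries


def verify_backup(backup: Path, manifest: Path, max_age_seconds: float) -> VerifyReport:
    data = json.loads(manifest.read_text())
    report = VerifyReport()
    report.stale = (time.time() - data["created"]) > max_age_seconds
    for rel, expected in data["files"].items():
        report.checked += 1
        p = backup / rel
        if not p.is_file():
            report.missing.append(rel)
        elif sha256_of(p) != expected:
            report.corrupt.append(rel)
    # Test restore: copy the backup into a scratch directory and confirm that every
    # restored file matches the manifest. A backup that cannot be restored is no backup.
    with tempfile.TemporaryDirectory() as scratch:
        dest = Path(scratch) / "restore"
        shutil.copytree(backup, dest)
        report.restore_ok = all(
            (dest / rel).is_file() and sha256_of(dest / rel) == expected
            for rel, expected in data["files"].items()
        )
    return report


def demo() -> tuple:
    """Constructed scenario: an intact backup, then the same backup after one file has
    been overwritten with unreadable bytes and another deleted. Returns both reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        source, backup, manifest = root / "source", root / "backup", root / "manifest.json"
        source.mkdir()
        (source / "ledger.csv").write_text("id,amount\n1,100\n")
        (source / "docs").mkdir()
        (source / "docs" / "contract.txt").write_text("terms and conditions")
        write_manifest(source, manifest)
        shutil.copytree(source, backup)
        good = verify_backup(backup, manifest, max_age_seconds=86400)
        # Damage the backup copy so the check has something to find.
        (backup / "ledger.csv").write_bytes(os.urandom(32))
        (backup / "docs" / "contract.txt").unlink()
        bad = verify_backup(backup, manifest, max_age_seconds=86400)
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("intact backup recoverable:", good.recoverable)
    print("damaged backup recoverable:", bad.recoverable, "missing:", bad.missing, "corrupt:", bad.corrupt)
```

In practice the manifest should live somewhere the backup job can write but ordinary workstations cannot overwrite, and the check should run on a schedule against the copy you would actually restore from, so that a failed `recoverable` result is discovered while there is still time to fix the backup rather than during the incident.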
Educate your team: Humans are the weakest link in cybersecurity. Companies can avoid ransomware attacks if their employees are educated on the latest security threats. That means ongoing security awareness training, including testing staff with simulated phishing emails and retraining the staff members who keep failing the test.
You can be sure we will be seeing more ransomware attacks in the future. The best strategy to avoid being a victim is to plan ahead. Cybersecurity firms like ours can help reduce the likelihood you’ll be hit by enhancing your security measures and backing up your data. With the right kinds of prevention, you might never need a cure.