According to Cybercrime Magazine and Cybersecurity Ventures, global ransomware will cost the world nearly USD $20 billion in 2021 and is projected to exceed USD $265 billion by 2031. On average, the ransom demanded during an attack is roughly $5,600, but the downtime that follows an attack can cost up to 50 times more than the ransom itself.

Ransomware is a type of malware that encrypts important company files and holds them for ransom, which typically ranges from hundreds to thousands of dollars. Last year, cybercriminals made billions of dollars from attacking businesses with ransomware, and because cybercriminals have learned to monetize cyberattacks, the frequency and severity of these attacks will inevitably continue to grow exponentially.

Most ransomware attacks come in the form of an email attachment, so you should always exercise extreme caution when opening email attachments. Never open an attachment from an email you were not expecting to receive or from a sender that you do not recognize. You should exercise the same caution when you receive an email containing a hyperlink from a sender that you do not recognize. With today’s advanced ransomware techniques, all it takes is a simple website visit to become infected with ransomware.

The FBI has issued warnings about a sharp rise in ransomware attacks on small and midsized businesses across the United States. There are different types of ransomware and ransomware attacks; however, all of them will prevent you from using your computer normally and will ask you to do something before you can use it again. These ransomware attacks can:

  • prevent you from accessing the operating system services
  • encrypt files and deny access
  • stop certain applications from running (like your web browser)

In some instances, ransomware hackers will also copy files on the attacked system. In those cases, the integrity of sensitive customer/company information is at risk. Ransomware attackers do not discriminate, so companies of all sizes should know how to prevent this cyber threat. Below are the most effective methods of ensuring your business does not fall victim to ransomware:

  • Conduct employee awareness training
  • Improve endpoint protection/security
  • Deploy software patches/updates in a timely manner
  • Enforce “strong” password policies
  • Set up and properly maintain a firewall and segmented network
  • Use immutable backups and frequently test restorations
  • Implement enhanced email security technology
  • Whitelist applications
  • Perform regular vulnerability assessments
  • Restrict employee access to only those systems necessary to perform their jobs
  • Restrict the use of personal equipment on the company’s network
  • Immediately isolate machines that are suspected to be infected

ECC IT is committed to protecting our clients’ sensitive data by proactively addressing security concerns as well as providing relevant and timely security expertise. Our Cybersecurity Team can help you develop ransomware attack mitigation strategies that are uniquely tailored to your business. Please contact your ECC IT service lead at (301) 337-3100 for additional information.