Ransomware is one of the biggest issues for businesses today, with scammers demanding around $13,000 per attack. The downtime associated with an attack costs more than $64,000 on average. Making matters worse, many are demanding payment in expensive cryptocurrencies such as Bitcoin.
So who is a target? The simple answer would be everyone. Vulnerability, however, can depend on the type of data a business possesses as well as the urgency of getting that data back. While scammers also consider is how secure an organization is and how well trained their employees are, at the end of the day the most important factors are critical data and a team that will need to make quick decisions.
By far one of the biggest ransomware targets is education, especially colleges and universities. Part of the reason is the vulnerabilities specific to higher education – limited budgets, small IT teams, and a very high rate of file sharing across the network. These organizations also possess extremely profitable information such as medical records, social security numbers, and financial data of both staff and students.
Last year Monroe College was one of the many universities to be hit with a ransomware attack, in their case resulting in technology systems going down. The hackers demanded nearly $2 million in Bitcoin.
Just like higher education institutions, government organizations, on all levels, hold sensitive data. They also must respond quickly to a breach or hack, therefore they will be more likely to pay the ransom.
Many cities have become victims of ransomware, in most cases costing millions. The most recent and detrimental example is the infection that hit the city of Baltimore in May of 2019, inhibiting government processes for over a month. While the cybercriminals behind the attack only demanded $76,000, the city spent over $18 million recovering. ATMs, airports, and hospitals were all affected.
Hospitals and other healthcare institutions harbor invaluable medical records not only essential to operations but also critical in life and death situations. Like government organizations, they are more likely to pay a ransom based on the type of data.
Incredibly, a survey of 582 IT security professionals found that 50% of healthcare industry professionals believe they would be unable to handle a threat. This surely seems to be the case as many healthcare providers continue to get caught by cybercriminals. This past Spring an Ohio NEO Urology practice paid a $75,000 ransom to regain access to their systems, which they had been locked out of for three days.
The majority of ransomware attacks are successful because of human error – likely a malicious link in an email or visiting a compromised website. In other cases it is spread through malvertising or an unintentional downloading of suspicious software (drive-by download). With this in mind it is important to use antivirus and antispam software and ensure all systems are patched. The moment something is out of date (whether it be the operating system or a cloud application) it is immediately vulnerable. Also consider practicing the least privilege principle and network segmentation so that only the people that need access to sensitive data have it.
Provide employees with recurring cybersecurity training so they are adept to phishing attacks and social engineering strategies. Cautious staff will make a huge difference in preventing successful malware attacks.
While we would like to avoid a ransomware attack completely, there are several provisions to ensure one doesn’t invite chaos. First have an incident response plan so everyone knows what to do during the event. Secondly guarantee your organization’s data and software are safeguarded with multiple iterations of backups. Regularly test and save the backup system so that ransomware attacks will be easier to overcome.