Ransomware continues to be lucrative for criminals in 2022, with attacks growing in sophistication, and targeting both businesses and individuals. Businesses know the risks and the need for protection, but as we experience what the European Union Agency for Cybersecurity (ENISA) calls “the golden era of ransomware,” it’s important to understand how these attacks are evolving, and what can be done to prevent, address, and recover from them.
Ransomware, which encrypts and denies access to critical data while demanding ransom be paid for access to be restored, affects many Canadians. According to Angus Reid, critical Canadian infrastructure was the target of more than 100 ransomware attacks in 2021, and 30 per cent of Canadians said they have been indirectly affected in situations where their data was held by a third party that was attacked, with one in 10 saying their personal accounts have been affected. The Canadian Internet Registration Authority found that 69 per cent of organizations targeted by ransomware paid the ransom. Globally, the average ransom paid appears to be about C$200,000.
But the ransom is only part of the cost of these attacks. The cost of recovery for organizations and individuals has jumped from less than C$1 million in 2020 to C$2.3 million in 2021, according to the Communications Security Establishment’s (CSE) Canadian Centre for Cyber Security. The CSE suggests the stability of ransom payment amounts could be due to criminals tailoring their demands to what victims will pay. Around the world, ransomware attacks grew by 151 per cent in 2021.
The new threat landscape
Cybercrime is no longer a lone-wolf practice; it is a sophisticated form of digital organized crime. Attackers know the value of sensitive data and how to leverage it in their extortion. Indeed, the ransom might not be the only goal for some criminals: stolen data itself has its own value, and can be used and sold whether or not ransom is paid.
New forms of cybercrime continue to emerge to keep pace with the expansion of technological advances and new tools, including ransomware that can intelligently mine for security loopholes, and exploit them.
While organizations differ, there are often internal conditions increasing risk. Fragmented productivity tools, separate applications in different facilities, and disparate storage properties can all increase the number of targets available to an attacker.
Without sufficient protection, ransomware targets have almost no room to manoeuvre, often finding themselves cornered into dispensing high payouts, or managing downtime and its cost to the business.
Safety and recovery
Mitigating the blast radius of a ransomware attack requires addressing three areas: securing and protecting data, detecting threats early, and enabling the rapid restoration of data following an attack. Such a multi-faceted approach can reduce the risk of data loss and downtime. Here are some things to keep in mind for each area:
- When protecting against attacks, hardened security and zero-trust access controls (such as multi-factor authentication) are just the start. Backup of an organization’s data can mitigate attacks in several ways. After all, if the data stolen by an attacker remains available, secured in an isolated location, there is less incentive to pay a ransom. Also, whatever the outcome of an attack, an immutable backup will speed the recovery process and allow operations to continue with minimal downtime. Beyond cyberattacks, backups can also support potential compliance audits and defend against liability.
- Early detection of threats allows businesses to minimize the impact of an attack, and speed up sanitization and recovery efforts. Advanced security tools can spot suspicious activity, behaviours, and events as they happen.
- Often overlooked in discussions of ransomware is the role of recovery. Solutions should support rapid recovery of data to reduce downtime and help meet recovery SLAs. Disruptions impact operations, and the longer they go on, the greater the cost. Features such as built-in de-duplication, compression, and bandwidth optimization eliminate redundancies while ensuring copies of data are available for quick restoration. A cloud-based control dashboard can allow administrators to restore data even when the production environment has been lost.
Not every ransomware attack will be prevented, but with a strategy in place to protect, detect and recover, costs and disruptions can be reduced. With so many incentives for attackers to pursue the development of ransomware, it’s vital to counter it with every available means.