Businesses hoping for a break from cybersecurity worries are facing some major headwinds. As overall cybercrime counts continue to rise, the threat from ransomware in particular has exploded. In March 2022, the FBI’s Internet Crime Complaint Center (also known as IC3) released its 2021 Internet Crime Report, which found ransomware attacks have increased by 82% from 2019 to 2021. In the same time frame, the total cost of attacks increased by 449%.
The FBI found ransomware caused $49 million in adjusted losses in 2021. However, those losses are almost certainly an undercount, as they don’t include costs that weren’t reported to the FBI. Nor does that number include the cost of lost files, time, wages, equipment or associated third-party remediation.
With these potential costs in mind, we’ve put together this primer on ransomware to help you avoid a successful attack on your business – and take the right actions should the worst occur.
Ransomware is a specific type of malware that encrypts files on the impacted device or network. These files are then unusable until the target pays the attacker a set ransom. The attackers almost always leave a ransom note on the target computer during the attack, with instructions for how to pay the ransom in cryptocurrency.
Specific criminal gangs often use different types of ransomware, and some may rent out their ransomware to other criminals in a product known as “ransomware as a service,” or “RaaS.”
Given the large payouts criminals can earn through ransomware attacks, as well as competition among ransomware gangs, ransomware and its operatives continually change tactics and evolve. For example, cybersecurity company Palo Alto Networks noted in its March 2022 Ransomware Threat Report that RaaS operators have been doubling down on additional methods of extortion since 2020.
Some ransomware gangs now employ a technique in which the ransomware operator steals sensitive information from a company before encrypting the files. The ransomware gang then threatens to leak the files online if the ransom demand is not paid. This is an increasingly common tactic: Verizon’s Data Breach Investigations Report found ransomware appeared in 10% of breaches in 2021, doubling 2020’s rate.
Other ransomware operators take threats even further with a third level of extortion, which includes making threatening calls to employees or launching denial-of-service (DoS) attacks on business websites. As with double extortion, the gangs may use these tactics to incentivize payments or to demand a second or third ransom payment.
All ransomware attacks encrypt data to extort a business into paying a ransom. Some ransomware groups even steal a business’s data or take other threatening actions to extort payment.
Successful ransomware attacks encrypt data on a targeted device. This causes system downtime and potential long-term disruption, whether or not a business pays the ransom. Depending on the type of ransomware and the gang responsible for an attack, the impact on a small or midsize business can even go beyond these consequences.
In a whitepaper on ransomware attacks in Canada, Palo Alto Networks reported long-lasting impacts on businesses. The company found that 58% of businesses take longer than a month to recover from the attack, and 29% take more than three months to fully recover. During these months, businesses incur substantial costs in lost revenue, contract IT recovery services, new equipment and more – in addition to any ransom they paid.
If a ransomware group also breaches data, businesses may have to pay regulatory fines or shoulder the cost of identity theft prevention services for impacted customers. The business is likely to suffer reputational damage from a data breach as well.
Verizon’s 2021 Data Breach Investigations Report found that 95% of ransomware attacks incurred costs between $70 and $1.2 million, with a median loss of $11,150.
You can block most ransomware attack attempts by following best cybersecurity practices in your business. The FBI’s IC3 found the majority of ransomware attacks took advantage of three attack vectors in particular: software vulnerabilities, phishing emails and remote desktop exploitation. All three of these vectors coincided with the rise of remote work and potentially lax cybersecurity arrangements.
You can prevent ransomware attacks on your business with a mix of technological controls and security practices:
CISA has a step-by-step guide for what to do after a ransomware attack on your business. However, these instructions assume your business has an incident response team and a fully trained and staffed IT team available. At a basic level, you should isolate the affected systems and networks as soon as possible after infection and take all backups offline to secure them from potential infection.
You should contact the FBI about the attack as soon as possible and also file a report with the IC3. Your local FBI field office can provide assistance following an attack.
The FBI discourages paying the ransom, as this incentivizes further attacks, and there are no guarantees that the ransomware gang will actually decrypt the data if you pay. In some instances, data is corrupted during the encryption and decryption process, rendering payment useless.
After working with law enforcement and IT personnel, you should clearly communicate with your internal and external stakeholders about the attack. Tell your customers whether or not any sensitive information was stolen and about potential next steps, such as changing their passwords.
Once you’re certain the ransomware has been removed from the affected devices and systems, use the oldest available backup to restore all data and system configurations. This decreases the chances of hidden malware in the backup.
Data from Verizon, Palo Alto Networks and the FBI paint a clear picture of increasing ransomware attacks. Ransomware gangs continue to adapt and change their tactics, finding new ways to secure payment from impacted businesses. As long as ransomware groups are able to extort businesses into paying, attacks are likely to continue increasing and evolving.
Still, businesses are not defenseless. The right preparations can prevent a ransomware attack entirely, or at least mitigate the impacts so your business can recover quickly.