This article was updated on October 3, 2020.
Every 14 seconds, a business around the world is hit by a ransomware attack[1]. While this form of cyber threat was traditionally targeted toward consumers, over the last few years tides have shifted—with businesses accounting for 81 percent of such attacks, according to Symantec’s Internet Security Threat Report[2].
Given these statistics, it makes sense that ransomware is one of the more common forms of cyber attacks we see in our line of work. Too often, companies come to us after a breach has taken place—when data is already encrypted, and the demand for payment already made. Fortunately, there are ways to minimize the damage while avoiding paying off the bad guys—but to do so effectively, you need to be prepared. Many organizations find out the hard way the damage that such attacks can do, and often underestimate the impact of a total or partial shutdown of their operations.
Ransomware is malicious software that can penetrate your company’s network and data. For your systems to work again, a ransom will be demanded, but complying with the demand doesn’t come with a guarantee.
As with many types of malware, there is no silver bullet to defend against ransomware. Rather, many of the basic cybersecurity steps you can take will help to thwart a ransomware attack. One trend that is clear in many of the ransomware attacks we’ve seen, is that the victims have often ignored even the most basic steps to protect themselves.
In many of the ransomware breaches we investigate, not only are the primary networks encrypted, but the backup system is too. This is largely due to weak procedures and practices—costly missteps that are all too easy to prevent.
For instance, in many of the cases we see, the backup system remains online and connected to the network all the time such as an external hard drive that’s permanently plugged into the main network.
This means that as soon as someone hacks into that network, they have access to the backup drive as well. To avoid this, you should ensure that at least one of your backup systems is offline at all times and completely separate from your main network. This can be achieved by housing it at an external or offsite location or by utilizing cloud services—and making sure you’re storing offline copies. You should also take steps to regularly test your backup system and restore your data. There’s nothing worse than falling victim to a ransomware attack and finding out, at that moment, that your backup system was improperly configured all along and that your data cannot be restored.
That said, a good backup system isn’t capable of saving a company all on its own. After a cyber-criminal breaches your network, chances are high that they could still be in there. That’s why it’s also critical to conduct a post-breach investigation. Such an investigation can help you uncover leftover viruses, malware or other forms of espionage—and erase any lurking elements that are left with the intention of stealing your data over time.
To learn more about how Grant Thornton can help your company defend itself from ransomware attacks and other cybersecurity threats, .
[1] https://www.cpomagazine.com/cyber-security/11-eye-opening-cyber-security-statistics-for-2019/
[2] https://resource.elq.symantec.com/LP=6819?inid=symc_threat-report_istr_to_leadgen_form_LP-6819_ISTR-2019-report-main&cid=70138000001Qv0PAAS
A 24 hour hotline to assist anyone with an urgent cyber breach or incident:
+1 844 40 CYBER
