Ransomware attacks are on the rise, and even more worrying is the fact that they do not discriminate. Whether it is a large financial organization’s server or your grandmother’s computer with family pictures, anyone and everyone can be victimized by ransomware. Ransomware infection vectors are varied. Although they started with crude phishing links in emails that were easily discernible, they have evolved and become more sophisticated, ranging from fully automated mass campaigns to directly targeted spear RDP (Remote Desktop Protocol) attacks. Ransomware does not target any specific operating system either, as we have seen a rise in ransomware infections among Apple Mac users and mobile users. With the advent and popularity of remote work and work from home brought on by COVID-19, we project a further increase in ransomware attacks.
Here are the main threats posed by ransomware for both organizations and individuals.
Operational disruption is a key threat posed by ransomware attacks.
For a financial organization, a system lockout caused by a ransomware attack could lead to large losses in the short term, as the organization will be unable to perform regular business activities. In a hospital or healthcare setting, a ransomware attack could delay the communication of proper information, causing unnecessary harm and, in the worst case, patient death.
Operational disruptions due to ransomware attacks are also a serious threat to a nation’s infrastructure services, such as energy and food, which today are a key topic in national security defense. This year, Colonial Pipeline, a major oil pipeline in the US, was forced to shut down its operation due to a ransomware attack that locked out some of its systems. This caused panic in the market and large fluctuations in gas prices due to fear of a possible shortage.
Data exfiltration and blackmail threats
Though previously uncommon, the theft of data for the purpose of stealing intellectual property (IP) or blackmailing is now commonly found in tandem with ransomware attacks. This poses another serious threat for corporations that have spent a lot of time and capital on research and development. It also poses a true national security threat, as the chances of sensitive data being stolen have increased with this practice.
Malicious actors have also begun to blackmail organizations, threatening to release their private data to the public should the ransom not be paid. And if it is paid, the victims can never be sure that the bad actors will truly keep their word.
Different costs associated with ransomware
There are many associated costs that follow ransomware attacks – both tangible and intangible costs.
Being pressured to pay the ransom to restore business operations, in the hope of preventing private data from being shared publicly, is one such cost. Even more concerning is that the cost of these ransoms has doubled. Many smaller businesses simply are unable to afford these extortionate rates, with some being forced to. Having to clean up the damage left by the ransomware, such as replacing equipment, third-party security assessments, and hardening of security measures and hardware, is another form of direct cost organizations are forced to bear. One of the heaviest direct costs, however, is that data that is decrypted after a ransom is paid may be corrupted. 92% of all paid ransoms end up with some form of data corruption. This causes a massive loss in both time and capital for the victims as they rush to salvage what data they can so that business operations can return to normal.
The loss of business due to downtime and data loss can also cause a loss of trust in an organization’s capability and security, with both direct and indirect cost impacts. Loss of contract revenue due to the loss of business, and higher costs to maintain customer relations due to the loss of trust, will directly impact a business’ bottom line. Being a victim of a ransomware attack can be double trouble for organizations, which may face both legal and regulatory trouble. Legal fees, non-compliance fines, penalties, restitution, and the threat of lawsuits are all possible cost factors that can follow a ransomware attack.
Organizations also suffer other forms of costs, such as increasing insurance premiums, a rise in the cost of raising debt due to a more than likely drop in credit rating, and even the devaluation of the brand and trade name. This is also another reason why many organizations choose to pay a ransom instead of going public about a breach.
Finally, for businesses that rely heavily on their IPs, the loss of IPs can become a massive blow to their business, as their IP data may be leaked to a competitor or made public.
As businesses move further towards digitization of processes and business operations, so too will we continue to see the rise of ransomware. There is no stopping this threat currently; however, it is possible to mitigate some of the risks. It could be as simple as assessing and hardening network security, or even a brief talk from a security team on how to maintain proper protocols within business units. We all have a part to play in the future, and now is not the time to get complacent.