Ransomware attacks are increasingly popular with cybercriminals because even if organizations are able to recover systems, they still pay a ransom to prevent further damage.
In 2020, many criminal gangs have devised a way to force victims to pay a ransom after breaking into their systems: by making the stolen data public if the ransom is not paid. When 2020 started, only the Maze ransomware gang used this trick, but by the end of the year, there were 17 more gangs learning.
According to Emsisoft’s “Ransomware Situation” report, even if the victim fully restores the system thanks to a previous data backup, they still pay tens of thousands or millions of dollars to the perpetrator. to prevent them from leaking stolen information. That leads to an increased rate of financially motivated attacks and consequently a better rate of return for cybercriminals.
Malware attacks had thousands of victims last year, with hundreds of government agencies, healthcare facilities, schools and private companies falling prey to hackers. Emsisoft’s report shows that public institutions in the US are worst hit with at least 2,354 government, healthcare and educational agencies affected.
The way victims are handled is also different: some people pay the ransom to restore the system, some refuse and spend weeks to months in recovery, while others still pay even if they recover.
According to Emsisoft, the financial damage caused by ransomware reaches billions of dollars. Due to the proven ability to succeed, there will be many gangs applying this data theft and leak technique.
However, there are many relatively simple measures that can be implemented to prevent ransomware and other types of malicious attacks. Phishing is one of the most common forms of ransomware distribution, especially in the increasingly popular remote learning and working context. Therefore, organizations should warn employees about the importance of caution when opening emails and attachments. If an employee suspects something, they should report it to the technical person in charge.
Organizations should ensure they have a strategy for patching and updating products in a timely manner, in case cybercriminals take advantage of a well-known vulnerability to spread malicious code. Regular backup updates should also be a priority because when the worst happens, they can completely restore the system without paying a ransom.
Emsisosft Chief Technology Officer Fabian Wosar believes that proper investment in people, processes and information technology will significantly reduce ransomware incidents and mitigate the severity and damage if it occurs.