According to the World Economic Forum’s Global Cybersecurity Outlook, ransomware remains the top concern for cybercrime year after year, and in 2023 Cybersecurity Ventures predicted that an organization will fall victim to a ransomware attack every 2 seconds by 2031. As ransomware attacks become more of a threat to businesses, it is important to answer: what is ransomware, and how can you protect your organization?
In this article we will cover:
- What is ransomware?
- What is the most common delivery method of a ransomware attack?
- What is the cost of a ransomware attack?
- What are the five stages of a ransomware attack?
- What can an organization do to prevent ransomware attacks?
What is Ransomware?
Ransomware is a type of malicious software that infects a computer and other digital devices, restricting access and threatening data destruction unless a ransom is paid. Ransomware works in one of two main ways: it either locks the core operating system using lockout mechanisms, or takes possession of data files by encrypting them.
IBM describes ransomware as this:
What Is The Most Common Delivery Method of a Ransomware Attack?
The most common delivery method for ransomware is email phishing. Other delivery methods include weak passwords and access management, report clickbait, malicious websites and lost/stolen user credentials. However, according to the Global Threat Intelligence Report, methods around ransomware are evolving beyond encryption, incorporating new tactics and technologies like AI.
What Is The Cost of a Ransomware Attack?
Ransomware attacks can be financially devastating to businesses. The cost will vary depending on the threat actor, but according to IBM’s 2024 Cost of a Data Breach Report, ransomware attacks were reaching an average of $4.91 million. In the Who’s Who In Ransomware Report from Cybersecurity Ventures, it is predicted that by 2031 ransomware could cost victims $265 billion annually.
Some of the better known and shockingly costly global ransomware attacks include:
- MOVEit: $12.15 Billion
- LockBit: $91 Million
- WannaCry: $4 Billion
- NotPetya: $10 Billion
- Qilin: $32 Million
Although 2031 feels light years away, there are actions that can be taken today to help prevent businesses from falling victim to a ransomware attack.
What Are The Five Stages of a Ransomware Attack?
- Distribution – The method of distributing the attack, such as a phishing email.
- Command and Control – Once inside, the ransomware will establish a connection with the threat actor’s server to receive instructions.
- Credential Access – The malware continues with the attack by stealing credentials and gaining access to more accounts in the network.
- Data collection and exfiltration – Data will be collected and the attacker will begin to exfiltrate and encrypt local and network files to use them as ransom.
- Deployment – Payment is demanded to release or decrypt the files back to the business.
What can an Organization Do To Prevent Ransomware Attacks?
There are many ways you can protect your organization against ransomware attacks, but these are a few steps an organization can take to manage the risk:
- Insurance – Make sure your company is insured against ransomware, as part of a cyber liability policy.
- Security Audits – As for every area of security, it is important to conduct regular audits. This should include assessing internal and external risks (such as from third-party providers) that may expose the organization to ransomware, as well as auditing all critical assets that may be targeted, including data and digital assets. Once an audit has been completed, organizations should ensure that they have recovery processes in place should they ever be hit with a ransomware attack.
- Incident Response Plan – Prepare an Incident Response Plan (IRP) as soon as possible, either drafted by your CISO or through a company and legal committee – collectively known as the Incident Response Team (IRT).
- Incident Response Team – A committee of members formed to make decisions and delegate tasks, with full contact details as well as back-up personnel.
- Identity and Mobile Device/User Management – Usually done through the Security Audit above but worth mentioning again, and can be supported by Mobile and Authentication Access Control solutions.
- Data Backup and Recovery – Have a backup and disaster recovery solution in place to help recover from a ransomware infection. With a reliable backup and recovery solution implemented, 96% of Managed Service Providers (MSPs) report clients fully recover from ransomware attacks.
- Detection and Monitoring – Continuous monitoring of assets and deployment of technologies to contain threats.
- Training – Organizations must be vigilant in training employees about current threats and how to guard against them.
IBM advises that if hit with a ransomware attack, organizations must document the situation, work with the authorities and carefully consider whether making payment is the right thing to do once the affected areas have been isolated.
While taking these steps may not protect you 100%, they’ll go a long way toward preventing, protecting against and mitigating any ransomware threat in the foreseeable future.
Editor's Note: This blog was originally published on October 11, 2022 but has since been updated to reflect industry changes and new insights.