Blog

The Growing Ransomware Threat: How to Identify & Remediate Common Vulnerabilities | Risk Strategies

Written by Admin | Oct 6, 2020 4:00:00 AM

With Robert Rosenzweig, Mike Convertino (Arceo.AI), Bill Hardin (Charles River Associates), and Steve Krusko (Berkley Cyber Risk Solutions)

In our latest Cyber webinar, our National Practice Leader Robert Rosenzweig partnered with experts from Arceo.ai, Charles River Associates and Berkley Cyber Risk Solutions to delve into some of the most pressing ransomware threats businesses are facing and how to defend against them. Too many organizations are leaving themselves open to attacks when they can be taking steps to prevent them, and the cost of complacency can be staggering!

What You Missed

Current Ransomware Trends

“Cybercrime” encompasses a wide range of potential criminal activities, ransomware being just one of these threats However, it is by far the most prevalent and rapidly growing risk in today’s market, as criminals stand to make huge profits by holding companies’ sensitive information hostage. They’ll target businesses of any size – which is easier to do as every industry becomes more reliant on technology – but will typically go for those with smaller annual revenue and less resources to draw on for defense. They will quickly access sensitive data, lockdown systems and extract huge payments from businesses, many of whom will pay the ransom in order to mitigate business interruption costs, which can be far higher than the ransom.

On average, the cost of a ransomware attack is $275,000. This does not include the costs to investigate, restore systems, or remediate vulnerabilities. In addition, average business interruption costs are $398,000. For the victims of these attacks, incurring some cost is unavoidable.

Double-Ransom Tactics

This troubling type of ransomware attack occurs when victims are made to pay twice for one attack. Until recently ransomware attacks would simply extort organizations to regain access to encrypted data. However, since some organizations may have backups of their important data that are disconnected from the internet, the attacker can raise the stakes by threatening to publish the data they’ve already stolen from the network online. The Maze ransomware strain introduced this technique in 2019, and many others have begun adopting it since.

Common Vectors

In addition to Maze there are several prevalent strains of ransomware, most notably REvil, Ryuk, Tycoon and NetWalker (AKA Mailto). Regardless of the type, the vectors by which they gain access to systems are largely the same — phishing emails, pirated software, poorly monitored remote networks, etc.

Some companies may be unaware of these points of vulnerability, or else they may think it will be too complicated or expensive to invest in defenses. The good news for all of us in the face of rising threats, however, is that investing in proper security can be both uncomplicated and cost-effective.

What You Need to Know

Roadmap for Remediation

Companies can take simple measures to defend themselves from ransomware attacks, none of which require a huge monetary investment or a dedicated cyber team. In our webinar, we outline email and network standards that companies should follow. For example, registering email domains and setting up authentication methods will allow your organization to detect and prevent phishing scams, and verify that emails are coming from other authorized servers. As many of us work from home, protecting Remote Desktop network ports is imperative.

Human error is at the root of most attacks. Train employees to recognize fraudulent emails, perform regular system maintenance, and back up data. It doesn’t matter if you don’t have the most sophisticated IT program. If you’re asking the right questions and bringing in vendors who have that knowledge, you’ll be able to make the right choices to protect your business. It’s far better to institute these protections now, rather than after the worst has happened!