The Biggest Cybercrime Threat Of 2022

Ransomware Report—The Biggest Cybercrime Threat Of 2022

Ransomware is likely today’s biggest threat to cybersecurity, and it’s only getting more dangerous. Do you know the state of ransomware in 2022?

It feels like no more than a few days go by without another ransomware story in the news.

What used to be just one threat present in the cybercrime landscape has now become the clearest and present danger to modern businesses.

Don’t assume we’re exaggerating this for effect — experts estimate that a ransomware attack occurred every 11 seconds in 2021. It’s almost a total certainty that you will be attacked with ransomware at some point, and possibly even infected.

That’s why you need to take action and defend yourself.

What’s The Reality Of Ransomware in 2022?

According to Sophos’ annual State Of Ransomware Report, this popular weapon in use by cybercriminals around the world is only becoming more common:

• 66% of organizations were hit by ransomware in the last year
• 65% of attacks resulted in encrypted data
• 72% experienced an increase in cyber attacks and related damages

How Does Ransomware Work?

In a ransomware attack, an unsuspecting user clicks on a seemingly safe link or an emailed attachment that appears to be a bill or other official document.

Unfortunately for the user, that link/attachment isn’t safe. By clicking it, the user compromises their credentials, giving the cybercriminals the login information they need to access the company’s network.

The cybercriminal can then remotely access the target’s IT environment, gain remote control over the user’s computer, and gather intelligence to determine the ideal place and time to attack and infect the systems with ransomware.

How Does Ransomware Infect Your Systems?

There are five primary ways that hackers trick targets into downloading ransomware:

Phishing

Phishing is a hacking technique that “fishes” for victims by sending them deceptive emails. Phishing attacks are often mass emails that include ransomware as an attachment.

Malvertising

Hackers have found vulnerabilities in many popular, modern browsers like Google Chrome and Mozilla Firefox. They spam users with official-looking pop-ups informing them of an “infection” or “security alert” prompting them to download a file or click a link. That’s where the ransomware comes into play. As with so many of these methods, it just comes down to getting the user to interact with malware in some way without knowing it.

Remote Desktop Protocol

RDP is a known infiltration point for cybercriminals, especially for unpatched systems.

3rd-Party Remote

Many cybercriminals are attacking third-party remote-control tools as they know that once they can gain access to a remote control tool, they will have access to several machines that can be infected.

Out Of Date Hardware

Many of the most common malware and viruses used by cybercriminals today are based on exploiting those programming flaws; to address this, developers regularly release software patches and updates to fix those flaws and protect the users.

The Threat Of Ransomware Is Evolving

Just a few years ago, ransomware wasn’t as big of a concern.

While high-profile incidents like the WannaCry attack on the NHS were concerning, they were far and few between. If you had a recent backup of your data in place, you could rely on that to replace your data in the event it was encrypted by ransomware.

Since then, however, the way cybercriminals use ransomware has evolved. They have improved their tactics and capabilities, allowing them to do much more damage, and demand much more money. Characteristics of modern ransomware attacks include:

Expanded Timelines

Sophisticated attackers sneak ransomware into a breached network and then lay dormant for weeks or months, ensuring their method of entry isn’t discovered right away.

This gives them time to embed themselves, steal data, and more, all before they actually activate the ransomware and infect the systems.

Without undertaking extensive forensic processes, an infected business won’t know how far back they need to go to back up their systems. Or, even worse, it will be so far back that they’ve already expunged those backups to make room for more recent versions.

Improved Capabilities

Modern forms of ransomware can even target and infect backup hard drives and cloud-based data if the connections are left unsecured. That’s why cybersecurity professionals are now recommending digitally-air-gapped backups as well.

Given the effectiveness of modern ransomware attacks, defensive methods and best practices from just a few years ago are already losing feasibility. All of this is to say that you can’t assume you won’t be infected at some point.

No matter how strong your defensive capabilities are, ransomware may still get through. That’s why you need to plan out how to respond to an attack.

What Is The Real Cost of Ransomware?

Ransom

This is the most obvious cost, and it just keeps going up. According to Sophos, 3x as many victims paid ransoms of $1 million USD or more last year. This is up from 4% in 2020 to 11% in 2021. According to Datto, the average ransom requested by hackers is increasing. IT companies report the average requested ransom for SMBs is ~$5,900, up 37%, year-over-year.

Downtime

As Kaspersky notes, 34% of businesses hit by ransomware take up to a week to regain access to data. In that week, you’re still incurring costs associated with downtime while you and your staff can’t access your data.

That’s time in which you can’t get work done, can’t serve your clients, can’t gain new business, and still pay your employee wages and ongoing costs to keep the lights on.

Put simply? Lots of expenses with no revenue. 90% of respondents in Sophos’ report said that ransomware affected their ability to operate, and 86% said it cost them money.

Remediation

Lastly, there’s the cost of damage control. Do you have to hire an IT company to help you out? Do you have to hire a forensic cybersecurity crew to determine how you were attacked? Do you have to pay fines for breaching HIPAA or FINRA regulations?

These all get added to the bill for getting hit by ransomware. Just think for a second about what it would be like if you couldn’t access your data. Technology is such a crucial part of business today, that without it, you can’t do much of anything.

On average, Sophos found that it cost $1.4M USD to recover from a ransomware attack. The recovery process took up to a month to complete for many businesses that were infected.

Why Does Ransomware Work?

This may seem like an odd question, but it’s important to consider—if ransomware attacks are this common, and generally work the same way every time, why haven’t they become less effective? Because businesses like yours keep letting it happen.

Despite the countless examples of how dangerous ransomware is, very few businesses are taking the necessary steps to protect themselves.

According to Datto, 89% of MSPs are “very concerned” about the ransomware threat and 28% report their SMB clients feel the same. It’s this lack of concern among businesses that makes them such perfect targets for cybercriminals.

Ransomware & Cybersecurity Insurance

A key result of ransomware’s ever-growing threat is the proliferation of cybersecurity insurance.

More and more businesses are hoping to cover their losses in the event of an infection. Sophos notes that more than 80% of mid-sized organizations invest in cyber insurance to defend against ransomware.

However, that’s not necessarily going to keep them safe. 34% of organizations say there are exclusions or exceptions in their policy that limit their coverage.

The core issue is that as cybercrime becomes more common and more damaging, insurers will become more aggressive in finding ways to deny coverage. Furthermore, in the case of ransomware, they may not even be allowed to cover the ransom. In some instances, paying the ransom may be illegal, as it may fund a known party that has been deemed dangerous by the US government.

For many reasons, it’s in the insurer’s interest of their business to pay out as little as rarely as possible, which means the policies will tend to rely on a series of complicated clauses and requirements that covered parties have to comply with.

Another example is when Mondelez International was denied coverage for the $100 million of damage they incurred from the NotPetya attack. Their insurer, Zurich Insurance, cited the obscure “war exclusion” clause, claiming that Mondelez was a victim of a cyberwar.

This is not an isolated incident. As discovered by Mactavish, the cyber liability insurance market is plagued with issues concerning actual coverage for cybercrime events:

• Coverage is limited to attacks and fails to address human error
• Claims are limited to losses that result directly from network interruption, and not the entire period of business disruption
• Claims related to third-party contractors and outsourced service providers are almost always denied

All in all, these factors have led the industry to be extremely profitable for insurers, and extremely unreliable for businesses. Mactavish found that for every $1 million paid in premiums, insurance companies only pay out $320,000 in claims.

That said, Sophos has found that rates of payouts are beginning to improve again as businesses have worked hard to improve their cybersecurity postures. 97% of businesses with cyber insurance have made changes to their defenses in order to comply with new cybersecurity insurance standards. This has resulted in a 98% payout rate for ransomware claims.

What Would Happen If You Were Infected With Ransomware Right Now?

Do you have a plan? Are your system endpoints protected? Are your backups recent, tested, and viable?

It’s easy to assume that just because you haven’t been hit by ransomware yet, then you won’t be anytime soon. You may think you can put off investing in an effective business continuity plan, but without warning, you may get hit.

Don’t assume you’re safe. Take the time to make sure you are, or you may end up having to pay a ransom.

Your Ultimate Ransomware Defense Checklist

• Deploy a next-generation antivirus solution that uses AI-based capabilities to monitor activity and detect ransomware in real-time.
• Have a policy in place that verifies software updates are being applied in a timely manner. Unpatched software can be exploited by cybercriminals to infect your systems with malware.
• Access controls should be configured so that shared permissions for directories, files, and networks are restricted. The default settings should be “read-only” access to essential files, with limited permissions for write access to critical files and directories.
• Implement Multi-Factor Authentication to protect accounts from access with breached passwords.
• Train your staff to ask themselves these key questions before opening an email:

• • Do I know the sender of this email?
  • Does it make sense that it was sent to me?
  • Can I verify that the attached link or PDF is safe?
  • Does the email threaten to close my accounts or cancel my cards if I don’t provide information?
  • Is this email really from someone I trust or does it just look like someone I trust? What can I do to verify?
  • Does anything seem “off” about this email, its contents or sender?

• Disable:

• • Macro scripts in email
  • Files running within AppData or LocalAppData folders
  • Remote Desktop Protocol capabilities (unless needed, in which case they should be limited to internal network use)
• Software restriction policies should be created or other controls implemented that prevent the execution, especially in the common locations where ransomware lurks, such as temporary folders used by the most common web browsers.
• Have an annual security audit and penetration test performed to determine how vulnerable your organization is.
• Data backup best practices:

• • Back up data on a regular basis (at least daily).
  • Inspect your backups to verify that they maintain their integrity.
  • Secure your backups and keep them independent from the networks and computers they are backing up.

What’s The Best Way To Protect Yourself Against Ransomware?

When you’re not sure if you have the skills or knowledge to get the job done, what can you do? Consult with cybersecurity professionals like those on the HRCT team.

The cybersecurity professional’s job is to manage your cybersecurity, simple as that.

Instead of needing an employee or internal team to keep your tech and data secure, you let someone else with the skills and knowledge do it for you:

• Cybersecurity professionals perform regular vulnerability testing as per industry standards to ensure you aren’t dealing with overlooked cybersecurity weaknesses.
• Cybersecurity professionals help you plan and achieve a secure environment to work in.
• Cybersecurity professionals provide ongoing service and support for any security-related concerns you may have.

The Good News: Ransomware Defenses Are Becoming More Effective

Don’t worry, it’s not all bad news. Sophos notes that many businesses are becoming more adept at recovering from ransomware attacks.

99% of organizations hit by ransomware in 2021 recovered some encrypted data after the fact.

Between backups and ransom payments, 44% of the organizations considered in Sophis’ study employed a range of methods to restore their data.

However, don’t assume that paying the ransom will necessarily get you your data back—companies that paid received only 61% of their data on average.

Need Expert Assistance With Your Ransomware Defense?

When you’re not sure if you have the skills or knowledge to get the job done, what can you do? Consult with cybersecurity professionals like those on the HRCT  team.

Our job is to manage your cybersecurity, simple as that. Instead of needing an employee or internal team to keep your tech and data secure, you let our team do it for you.

Get in touch with our team to get started on your ransomware defense today.