The ransomware scourge that many cybersecurity professionals were hoping might abate in 2019 appears to be raising its ugly head again. In the last few weeks, organizations as larger as Federal agencies to school districts has been impacted. The U.S. Coast Guard (USCG) issued a security bulletin after revealing that one of its bases had been knocked offline last month by a Ryuk ransomware attack. Meanwhile, Richmond, Mich., a small city near Detroit, announced this week that students would be enjoying a few extra days of holiday break this year while its school system recovered from a ransomware attack.
Even major IT services providers are struggling to cope. Reports surfaced the day after Christmas that Synoptek, a provider of managed IT and hosting services, was hit by a ransomware attack.
Naturally, all these attacks are once again reigniting the debate over the merits of paying a ransom to gain access to the encryption keys need to recover data. The average ransom being paid on average has risen to $41,000 in the last three months. Some critics of paying the ransom to obtain those keys charge cybercriminals have only become more emboldened to increase their ransom demands now that cyber insurance providers are covering more claims. The trouble is paying the ransom does not always guarantee the desired result. The Heritage Company, a provider of telemarketing services, revealed days before announced it was forced to lay off 300 employees while trying to recover from a ransomware attack in spite of paying the ransom demanded. The company could no longer record enough revenue to make payroll.Paying the ransom doesn't guarantee the desired result. Downtime due to recovery efforts can prevent companies from earning enough revenue to meet payroll obligations and other business costs. @MVizard #ransomwareClick To Tweet
The thing that has changed most in the last year as far as ransomware attacks are concerned is that many more of them are being aimed at corporations rather than individuals. A recent report published by Emisoft, a provider of endpoint security software, estimates attacks against roughly 966 government agencies, educational institutions, and healthcare providers created costs in excess of $7.5 billion. The general consensus seems to be that things will get considerably worse before they ever might get better
The only way to effectively thwart ransomware attacks is to, of course, make sure there is a pristine copy of the organization’s critical data stored somewhere where can’t be infected. In the age of the cloud that may seem simple enough, but as it turns out files can be infected long before they ever reach their cloud destination. Cybersecurity teams need to can not only be able to recover critical data, they need to know with certainty that the data that is recovered hasn’t been already encrypted by cybercriminals. That means files stored on-premises and in the cloud need to be continuously scanned for malware.
Obviously, when it comes to malware there’s no such thing as perfect security. However, with additional prudence, the chances of being victimized by ransomware can be greatly reduced. The real challenge is making sure the technologies and processes required to prevent and contain a ransomware attack are in place long before they’re ever needed.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.