It is a word that no one wants to hear and especially have to deal with – ransomware. It can send chills down the spine of business leaders and IT admins alike. It can literally mean the difference between staying in business and even losing a business altogether. Ransomware knows no boundaries and affects businesses of all sizes, business sectors, and locations. Assuming that you will never be affected by ransomware would be naive and could lead to serious data loss without the right measures in place to both secure your environment from ransomware but also recover after a ransomware attack. Is ransomware on the increase? How has remote work increased this risk? What steps can your business take to recover after a ransomware attack.
Why is ransomware so devastating to businesses?
Ransomware has now been around for some time. However, attackers are using it more and more. Why? The simple answer is it is highly effective and they have a high rate of success using it. Ransomware has evolved and is highly capable of infiltrating many types of environments and can even affect your cloud SaaS environment which we will describe a bit later. Ransomware is extremely devastating to businesses in the following ways:
- It hits hard and fast
- Without the right tools it can be difficult to determine an attack is underway
- New ransomware is also exfiltrating data as a scare tactic for paying the ransom
- Ransom demands are significant
- Business continuity is disrupted
- It can lead to lost customer satisfaction
- It brings into question the security protocols of your business
- Businesses are often ill equipped to recover from a ransomware attack
Ransomware attacks are increasing
There is no question since the onset of the global pandemic at the beginning of 2020, ransomware attacks are increasing as attackers have jumped on the opportunity to take advantage of the already disruptive situation and often-lax security measures for remote workers.
According to PurpleSec, cybercrime since the COVID-19 pandemic is up 600% and 7 out of every 10 malware payloads delivered to businesses contain ransomware.
There is going to be no downturn in cyberattacks, including ransomware, in 2021. In fact, according to Cybersecurity Ventures, a cyber-attack incident will occur every 11 seconds in 2021. This is an almost 200% increase from 2019 where attacks happened every 19 seconds.
It is safe to say, this trend is going to continue with cyberattacks across the board and ransomware being a key tool that attackers use to compromise environments and steal data.
Remote work increasing ransomware risk
Due to the recent pandemic, most companies are leveraging remote workers to some degree in their business due to lock downs, social distancing, and other guidelines related to the pandemic. How has the shift to remote work played into the hands of attackers using ransomware to compromise environments? This has happened due to the following reasons:
- More distractions – Remote workers are more distracted and more likely to fall victim to phishing and other malware scams when working from home. Distractions such as children’s homeschooling, home responsibilities, and workers surfing questionable sites increase the likelihood of a malware infection.
- Ill-equipped security solutions for remote workers – Many businesses were not prepared to send the majority of their workforce to work from home. Most legacy security solutions require on-premises connectivity to end-points to be effective or even work at all. Patching and other essential security operations may have come to a standstill sending workers home.
- BYOD – Some companies may have allowed employees to use their own devices to access business networks via remote access solutions. This increases the likelihood of security vulnerabilities and ransomware attacks coming from devices that may already be infected with malware, no security protections installed, and other concerns.
- Insecure home networks – Networks outside of the control and purview of network security teams bring increased risks. Most home users connect to home networks that are extremely insecure. This increases the chance of attackers infiltrating home networks and by extension, compromising business networks to which they connect.
- Lack of cybersecurity training – Organizations may not have carried out cybersecurity training for end-users working from home. Cybersecurity training is essential to help employees recognize potential risks and dangers as they encounter these on the Internet or by email.
- Legacy insecure remote access solutions – Due to the nature of how quickly organizations had to shift to remote access solutions, many had to resort to insecure, legacy solutions. This may include improperly secured RDP connections, VPN connections, and others.
- Lack of visibility – This goes back to the lack of proper tools that have the ability to connect even when end-users are remote. Businesses may have no visibility to software, threats, and other dangers as they exist on end-user devices.
Cloud environments are at risk from ransomware
Many may assume that ransomware is merely a risk to on-premises environments. With the huge shift to cloud SaaS environments such as Microsoft Office 365, many companies may feel safe from the threat of ransomware. Is this really the case? The short answer is no.
Ransomware can and does affect cloud SaaS environments and it can happen rather easily. Cloud SaaS environments can be compromised by OAuth attacks where attackers use apps or browser plugins that look legitimate to lure end-users to grant permissions for the app to access their cloud data, whether this is their cloud email, cloud storage, or other services.
We are all very conditioned with mobile devices to grant all permissions requested by an application and not screening these very well. OAuth is only as secure as the end-users who grant the permissions. Another attack vector for cloud SaaS environments is file synchronization.
If your business uses a tool such as OneDrive for Business to synchronize files from on-premises environments to the cloud, this is can be a vehicle for ransomware. If a user, either on-premises or a remote worker, is infected with ransomware, the ransomware encryption process will encrypt files that may be synchronized with a cloud sync utility such as OneDrive. When this happens, the ransomware encryption process is viewed as a simple file change and the change is then synchronized to the cloud. Any other users who are attached to the cloud storage environment will also synchronize the now encrypted files. This can proliferate ransomware through the cloud SaaS environment.
How to recover from a ransomware attack with NAKIVO
Businesses must plan on a ransomware attack at some point. With the number of cyberattacks and attack vectors, it is often not a matter of if but when a ransomware attack will occur. Proper planning and having the right tools in place can make a huge difference in the success or failure of ransomware recovery.
NAKIVO is hosting a free webinar detailing “How to Recover after a Ransomware Attack: Proven Strategies from NAKIVO.” The webinar will focus on the following:
- Learn how not to fall victim to digital extortion and quickly resume your operations after a ransomware attack
- Ransomware Facts and Figures for 2020-2021
- Best Practices for Ransomware Protection with NAKIVO Backup & Replication
- Effective Strategies for Ransomware Recovery with NAKIVO Backup & Replication
Click on the image below or visit the site: https://www.nakivo.com/webinar/how-to-recover-after-ransomware-attack/
Learn more about NAKIVO from past articles here: