What is ransomware?
According to the Cybersecurity and Infrastructure Agency (CISA), Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.
- Ransomware is readily available and changes faster than detection technologies can respond
- In most cases, paying ransom is the only way to free hostage data and systems
- Recent successful ransom situations will only encourage more attempts
- Cryptocurrencies such as Bitcoin can be used to force untraceable ransom payments
- Without proper ransomware awareness training, humans are widely susceptible to phishing, the most commonly used ransomware attack vector
How does ransomware affect businesses?
Cofense co-founder Aaron Higbee explains ransomware and its business impact on CNBC (July, 2016):
We expect this trend of ransomware attackers leaking corporate data to force accelerated payment to continue, as it increases the pain for ransomware victims who may otherwise not pay. Organizations may be reputationally damaged by a data leak and, depending on laws and regulations, may be subject to fines and penalties. Data owners can potentially hold the organization liable and pursue litigation, exacerbating the cost.
— Aaron Higbee, Cofense Co-founder and CTO
Reduce User Susceptibility
With phishing still the #1 entry point for cyber-attacks, your defenses need to focus on the most pressing threats—active phishing campaigns that are probing your organization. Read our 2021 Annual State of Phishing Report learn how you can avoid a breach from the phishing threats that are targeting businesses around the globe. From Emotet to Ryuk, threat actors improved their methods and adapted to world events, bringing new trends to the phishing threat landscape in 2021.
Reducing Vulnerability to Ransomware
On May 21, 2021, the Cybersecurity and Infrastructure Agency (CISA) issued the advisory, DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks after the Colonial Pipeline was hit. CISA and FBI urge CI asset owners and operators to adopt a heightened state of awareness and implement robust network segmentation between IT and OT networks. When deployed, these mitigations help improve an organization’s functional resilience by reducing vulnerability to ransomware and the risk of severe business degradation if impacted by ransomware.
The development of Bitcoin and the availability of ransomware-as-a-service on the Dark Web has led to substantial growth in ransomware attacks. Although the actual number of attacks and victims is hard to quantify due to underreporting, the scale of the recent attacks is greater than has been seen before. And, ransomware is not limited to just North America – as seen recently in the JBS Meat Packing Plant attack. The UK National Cyber Security Centre published a the article, Ransomware: What board members should know and what they should be asking their technical experts, a cybersecurity toolkit for board members.
Having users who are trained to spot phishing attacks, detect reply-chain campaigns, and report suspicious emails can be the difference between a secure organization and full network compromise. Cofense can help. Learn more here.
Well-conditioned users report real phish quickly!
Average time it takes a user to report a suspected phishing email