5 Factors That Have Led to the Steep Rise in Ransomware Attacks
You may have noticed that ransomware has been in the news more often recently. There were high-profile attacks on Colonial Pipeline and JBS in May that resulted in higher gas and meat prices, for example.
Another big attack of 2021 impacted companies running an on-premises version of the Microsoft Exchange Server, and one of the attacks being used in those zero-day exploits was ransomware.
In 2020, ransomware attacks increased an astonishing 485%. That’s in addition to rises in the average ransom request and costs for remediation.
Ransomware has quickly risen to be one of the most dangerous threats to network security. Unfortunately, far too many businesses are still unprepared for an attack.
What’s causing the rapid rise of ransomware? It’s a combination of several factors that all converge for a perfect storm fueling the rise of this type of malware.
Too Many Companies Continue to Pay the Ransom
If only a small percentage of ransomware victims paid the ransom, then attackers would soon conclude that the time and effort wasn’t worth it for the benefit.
Unfortunately, the opposite is true. Over half of attack victims (57%) pay the ransom to the attacker. This reinforces to criminal groups, both large and small, that ransomware can bring in serious money. This fuels more ransomware attacks, from large criminal organizations, state-sponsored hacking groups, and individuals looking for a ransomware score.
During the first half of 2021, the average ransom demand has tripled from $450,000 to $1.2 million.
Ransomware Stops Most Company Operations
It’s very different if you get a virus on a computer that causes it to act up than having ransomware infect your servers and your operations coming to a halt.
Ransomware tends to be very effective at getting a payout for attackers because companies are thrown into desperation mode. They can’t access their data because it’s been encrypted, and ransomware spreads rapidly to all devices and cloud storage connected to the same network.
When companies are faced with having their entire business shut down, they’ll often look for the fastest way to get operations back up and running. If they’re not prepared with a ransomware response plan or a fast-restoring backup, they’ll often opt to pay the ransom.
Both Colonial Pipeline (paid $4.4 million) and JBS (paid $11 million) noted a similar need to “do right by their customers” and get operations back quickly as their reasoning for paying their attackers.
Companies Don’t Go Through Enough Incident Response Drills
There’s a reason that schools and other facilities go through regular fire drills. It’s to help everyone become familiar with the procedure so, in the case of a real evacuation, things will go more smoothly.
Many companies do not have an incident response plan in place and/or haven’t practiced it regularly. So, when they’re attacked, they don’t know what to do. This increases downtime and adds to remediation costs.
Businesses of all sizes must invest in disaster preparedness, and this includes running incident response drills. Those companies that are prepared and have a team that has already practiced efficient data recovery can restore their operations faster and don’t have to just pay the attacker and hope for the best.
Ransomware as a Service Has Democratized Ransomware Attacks
Because of the profitability of ransomware for criminal underground organizations, many of them have branched out into a service business that is much like Software as a Service(SaaS).
Ransomware as a Service (RaaS) is a platform that someone without any hacking or coding knowledge can subscribe to. They pay a fee and gain access to professional ransomware attack assets like code, phishing campaigns, and even helpdesk support.
As you can imagine, RaaS has been a big driver in the growth of these attacks because now anyone that wants to take the risk can conduct a ransomware attack and try their hand at a huge score.
Unsecured Remote Teams
It’s estimated that approximately 56% of work-from-home employees use their own personal computers for work. Many companies were unprepared for the sudden need to accommodate remote teams, and security wasn’t always addressed properly.
The lack of security and the disconnection to the office that left remote workers more vulnerable to a phishing email were other pieces of kindling that ignited the huge explosion of ransomware over the last 18 months.
Remote work is going to be a permanent fixture even once COVID is gone, so companies need to put permanent IT security mechanisms in place to ensure device and data security.
This would include things like managed IT services for all devices, regardless of where employees are working from. As well as lines of communication that give remote workers access to the tech support and advice they need.
How Strong Is Your IT Security Strategy?
Does your cybersecurity plan need updating to accommodate a remote or hybrid team? AhelioTech can help your Columbus area business remove vulnerabilities and reduce your risk of a ransomware attack.
Contact us today for a free quote. Call 614-333-0000 or reach out online.