Pandemic Spawns Ransomware Surge in North America

Published On March 16, 2021

Ransomware is a major problem; and it affects more businesses that you might think. In 2019, 51% of organizations were hit by ransomware and 73% of those attacks resulted in data being encrypted by hackers, according to The State of Ransomware 2020 report from Sophos. Hackers use malicious ransomware programs to deny their victims’ access to files and computer systems by putting strong encryption in place until the victim pays a ransom. What may surprise you is more than twice as many organizations got their data back by recovering via backups (56%) than paying the ransom (26%).

Let’s explore what’s happening in ransomware, who’s getting hit the hardest, and protection methods that can help prevent your organization from becoming a victim too.

Why is Ransomware so Prevalent and Costly?

Ransomware is not a new phenomenon. Hackers have been demanding ransom money for access to computer systems since the first ransomware attack in 1989. That attack is now known as the AIDS Trojan because it was spread by a biologist who sent 20,000 floppy disks to fellow biologists researching AIDS. If a researcher used the content on the disk, it infected their system and after the 90 th restart of their computer, a message would appear to mail $189 to a PO box in Panama – or, if the ransom wasn’t paid, the researcher would lose access to their critical data forever.

Over the years, ransomware programs have grown more sophisticated, and the ransom demands have exploded. The FBI noted a 147% increase in financial losses linked to ransomware and recent ransomware attacks on organizations such as Travelex, University of California at San Francisco, CWT Global, and Garmin have had demands in the millions of dollars. Earlier this year, Kia Motors America was hit with a ransomware attack demanding $20 million in bitcoins for a decryptor and agreement not to leak the stolen data. And, yet the ransom itself is only one component of this cost.

According to the Global Cost of a Data Breach Report 2020 produced by Ponemon Institute and IBM Security, ransomware attacks cost an average of $4.44 million. The report tracks 25 key factors involved in the average total cost of a data breach from the costs of compliance failures, implementing complex security systems, migration to the cloud, and the cost of cyber insurance.

As explained in a ZDNet article, cyber insurance is essentially a contract between an insurer and a company to protect against losses that are related to computer- or network-based incidents. Of course, businesses are still responsible for their own cybersecurity. “Cyber insurance will not instantly solve all of your cybersecurity issues, and it will not prevent a cyber breach/attack,” explains the National Cyber Security Centre. Some cyber insurance policies do cover the costs of paying a ransom – however, law enforcement and the information security industry doesn’t recommend this, as they believe it encourages more attacks. The Ponemon/IBM report states that 51% percent of organizations with cyber insurance used claims to cover the cost of third-party consulting and legal services, and only 10% used claims to cover the cost of ransomware or extortion.

Who is being Hit the Hardest?

According to SonicWall’s 2020 Cyber Threat Report, ransomware attacks are up across the board, and particularly in North America where they have more than doubled year-over-year. Yet the increases are inconsistent – globally, ransomware was only up 20%. The report cites a low barrier of entry, ease of use, and anonymous payouts as reasons for the increases in ransomware. Attacks have also exploited users with social engineering tactics around COVID-19. A fake contract tracing app and a fake COVID-19 survey have been used to conceal ransomware under the guise of sharing COVID-19 information. In addition, with so many organizations adopting remote working as a response to the pandemic, cyber criminals are exploiting security vulnerabilities and this trend will likely continue throughout 2021.

Over the past two years, ransomware has moved from mass-deployed phishing campaigns with lower ransom demands to highly targeted, well researched attacks on larger enterprises with the means to pay, says the 2020 Incident Response and Data Breach Report from Palo Alto Networks and Crypsis. In terms of industries, the report shows that the healthcare sector was the most affected (22% of total attacks) with manufacturing coming in second (13%), followed by contracting & engineering (9%), financial services (9%), and consulting (8%).

What Can You Do About Ransomware?

Protecting your organization against ransomware is a serious endeavor. Strategies abound, including those from the CISA (Cybersecurity Infrastructure Security Agency), outlined in this blog post. 

The Sophos ransomware report recommends that companies should “make regular backups and store offsite and offline. 56% of organizations whose data was encrypted [by a ransomware hacker] restored their data using backups last year. Using backups to restore your data considerably lowers the costs of dealing with the attack compared with paying the ransom.”

Iron Mountain suggests that organizations will benefit from taking another look at their data protection strategies to ensure all endpoint devices are secure, backed up, and recoverable. Additionally, active and inactive data throughout an organization’s data ecosystem could be vulnerable to ransomware attacks, making it necessary to review how and where data is protected with an increased emphasis on storing an air-gapped, offline gold copy of data. Backing up data to offline, air-gapped storage that isn’t connected to the internet can cut down recovery time considerably.

According to an article in Continuity Central, “Air gapping should be an integral part of any archive, backup, recovery, and security plan. The tape air gap, inherent with tape technology, has ignited and renewed interest in cybercrime prevention. The ‘tape air gap’ means that there is no electronic connection to the data stored on the removable tape cartridge therefore preventing a malware attack on stored data.”

Kick off Your Efforts on World Backup Day

Did you know World Backup Day is March 31? Although this day is geared to individuals reminding them to back up their computers, it’s also an important reminder to companies that your data is the lifeblood of your business. An intelligent, systematic approach to data protection can help protect against accidents, disasters, and cybersecurity issues like ransomware.

World Backup Day is a good reminder to make sure what is supposed to be protected, is protected. Ensure that your systems, applications and data are protected, backed up and recoverable.