Ransomware is now one of the biggest threats faced by businesses. When hackers gain access to business networks, it is now common for large quantities of data to be stolen prior to file encryption. Ransomware gangs know all too well that businesses with good backup policies will be able to restore their encrypted data from backups, but they will need to pay the ransom in order to prevent the release or sale of the stolen data. Even when files can be recovered from backups, many businesses feel they have no alternative other than paying the ransom to ensure stolen data are deleted. Data from Coveware indicates 70% of ransomware attacks now involve data theft.
Ransomware attacks are incredibly costly, even if the ransom is not paid. Universal Health Services Inc. in the United States suffered a Ryuk ransomware attack in September 2020 and the health system choose not to pay the ransom. Add up the recovery costs which included data restoration, cybersecurity consultants, notification letters to patients, and the loss of many services during the remediation process, and the cost of the attack rose to $67 million.
While expensive, that high cost is just a fraction of the cost of the recent Conti ransomware attack on Ireland’s Health Service Executive. The May 2021 ransomware attack caused massive disruption to healthcare services in Ireland. Without access to patient records, patient safety was put at risk, non-urgent appointments had to be cancelled, and there were major delays getting test results.
A few days after issuing a ransom demand of €20 million, the Conti ransomware gang gave the HSE the decryption tools free of charge. Even with the valid tools to decrypt data, recovery has been slow and incredibly costly. It has been around a month since the tools were provided to decrypt files, but many systems are still inaccessible. HSE Chief executive Paul Reid said it is likely to take months before all systems are brought back online.
Simply eradicating the attacker from the network and recovering encrypted data is only part of the story. IT systems need to be upgraded, security greatly improved, and a security operation center needs to be set up to monitor the network to prevent any further attacks. The initial costs incurred as a result of the attack were reported to be well over €100 million, but the overall cost of the attack is expected to rise to around half a billion Euros – Around $600 million.
An attack on such a major healthcare provider is naturally going to be incredibly costly, but ransomware attacks on small businesses can be catastrophic. Following a ransomware attack, an estimated 60% of small businesses fail within 6 months. One study showed the cost of remediating a ransomware attack doubled between 2020 and 2021, with the average cost now around $1.85 million. Attacks are also increasing. An analysis of the data leak sites used by ransomware gangs by cybersecurity firm Mandiant showed there has been a 422% increase in ransomware-related data leaks between Q1, 2020 and Q1, 2021.
How to Improve Your Defenses Against Ransomware
The most prolific ransomware gangs operate under the ransomware-as-a-service model. The creators of the ransomware do not conduct attacks, instead they employ affiliates to do they attacks for them. That means more attacks can be conducted. The creators run the operation and take a cut of any ransom payments generated, with the affiliates retaining the bulk of the ransom payments from their attacks.
Affiliates conduct attacks using a variety of methods and no two attacks will be exactly the same. Preventing ransomware attacks therefore requires a range of different measures to block all of the attack vectors, but the best place to start is by improving phishing defenses. Phishing emails are increasingly used as the initial entry point into business networks, so if these malicious emails can be blocked at the email gateway, they will not be delivered to inboxes where they can be opened by employees.
That is an area where TitanHQ can help. TitanHQ has developed two advanced solutions that are effective at preventing ransomware attacks. SpamTitan is a powerful email security solution that filters out malicious messages to stop them from causing harm. Rather than be delivered, emails with malicious links and attachments are quarantined.
WebTitan is a DNS-based web filtering solution that complements SpamTitan to provide even greater protection against ransomware and malware attacks. WebTitan prevents employees from visiting the malicious websites where malware and ransomware are downloaded.
Both solutions are consistently given top marks on software review sites such as G2 Crowd, with the solutions given a maximum of 5 stars by users of Spiceworks and Capterra. SpamTitan has also received over 37 consecutive Virus Bulletin Spam awards.
If you want to improve your defenses against phishing, ransomware, and web-based attacks, give the TitanHQ team a call. If you would like more information about protecting against attacks, also be sure to attend the upcoming TitanHQ/Osterman Research webinar on June 30, 2021:
How to Reduce the Risk of Phishing and Ransomware. REGISTER YOUR PLACE HERE.