In the past few months, we’ve all been reading chilling news about ransomware cyberattacks, seemingly one after another. The big takeaway for our business clients is that ransomware is proving to be a serious cyber threat to companies of all sizes and in all industries.
In a ransomware attack, fraudsters introduce a computer virus into your company’s systems. The virus spreads, locks your people out of their laptops and network servers, and encrypts critical business files, so they can’t be accessed.
So what’s that experience like?
Very often, the trauma begins when attackers leave you a ransom note confirming they’ve taken your computer files hostage. That note, according to a recent article in the Washington Post, “typically contains instructions on how to access a website on the dark web. That’s where hackers will say how much they want, and how much time the victim has to pay up [to regain control over the company’s computers and data]. A countdown clock sometimes ticks away, giving a company a set amount of time, usually about a week, before the price goes up.”1
Ransomware can disrupt business operations and potentially cost a company tens of thousands or even millions of dollars in ransom to return to normal business. It can also result in sensitive data being stolen and/or leaked, and when it becomes public knowledge that customer data has been breached, a company can sustain significant reputational damage. The attackers “range from enterprising individuals all the way up to groups of hundreds working directly for a nation state,” the Post reports.
No Business Is Immune
Ransomware attacks this past spring against JBS, the world’s largest meat processing company, and Colonial Pipeline, operator of the nation’s largest fuel pipeline, garnered a lot of attention because of the size of the ransoms those companies reportedly paid ($11 million and $4.4 million respectively) and the potential impact on consumers. Yet because the victims were very large companies, the vast majority of the business world, including midsized and smaller companies, might not have seen those events as directly threatening.
The same can’t be said for the cyberattack in early July on customers of software supplier Kaseya; that was more of a clarion call highlighting the widespread danger posed by ransomware, and the need to address it, as it was reported that hundreds of businesses of all sizes were victimized.
Indeed, the U.S. Department of Homeland Security reports that three-quarters of all ransomware cases now involve small businesses.2
An Important New Information Resource
According to a DHS release in mid-July, “roughly $350 million in ransom was paid to malicious cyber actors in 2020, a more than 300% increase from the previous year.” The many high-profile ransomware cases already this year seem to suggest the problem is only getting worse.
At a time when the ransomware threat to businesses has reached a new level, the federal government has responded by introducing a robust new information resource on the web: StopRansomware.gov. The site includes “ransomware 101” type information as well as a Ransomware Guide with prevention best practices and a ransomware response checklist.
It’s time to take the ransomware threat very seriously. The new government site is a helpful tool that can help your business stay safe.
1 “The anatomy of a ransomware attack,” The Washington Post, July 9, 2021
2 “United States government launches first one-stop ransomware resource at StopRansomware.gov,” a news release from the U.S. Department of Homeland Security, July 14, 2021