Building a Better Defense Against Ransomware 

Building a Better Defense Against Ransomware Digital Silence blog post

When it comes to cybersecurity, there are few things more intimidating than ransomware. 

Suddenly, a faceless attacker locks down your system and files — resources your organization must have to function — and refuses to restore access unless you pay up. Your organization’s operations, reputation and even its continued existence could be at risk.  

It’s important to take this threat seriously because ransomware incidents appear to be increasing in 2023, with the reported number of attacks in March 2023 almost double the total from April 2022. 

Fortunately, it’s possible to lower your risk profile and recover from an attack with expert help. The first step is to realize that your company may have greater exposure to ransomware than you realize. 

What kinds of companies are the most common targets for ransomware?

If you only went by the news, you might guess that ransomware primarily targets the largest, richest organizations. But that’s not exactly true. 

According to Black Kite, companies with $50 million to $60 million in annual revenues are more likely to suffer an attack than those with $100 million or more. 

The theory is that slightly smaller companies are an easier target. They have the means to pay a six- or seven-figure ransom, but they probably don’t have an internal team equipped to respond to a ransomware case. 

Generally speaking, ransomware gangs tend to avoid attacks that cause large, systemic outages. Those cases tend to draw more attention — and harsher responses — from law enforcement and the government.

There were other common characteristics among ransomware incidents:

US companies are much more likely to be attacked. They represented 43% of the cases in Black Kite’s 2022 study of ransomware cases, versus 5.7% from the UK and 4.4% from Germany.

Manufacturing (19.5%) was the most commonly attacked industry, followed by professional, scientific and technical services (15.3%). Both tend to hold both sensitive intellectual property information, as well as personal information. 

How much does the typical ransomware case cost?

According to IBM, the average ransomware case cost $4.54 million in 2022, not counting the ransom. That was a slight decline from 2021, when the average cost was $4.62 million. 

The ransom amount varies. According to a survey from Sophos, a UK-based firm, the average ransom is about $1.5 million, though larger companies are often charged more. Palo Alto Networks found the average payment was just under $1 million.

How does a ransomware attack work? 

A typical attack will infiltrate the victim’s system, encrypt a user’s files and prevent them from being accessed unless the user pays a ransom, usually payable in cryptocurrency. 

(Some ransomware attacks, though, will create copies of a victim’s data and threaten to release them publicly unless the ransom is paid.) 

There are several ways that ransomware can find its way onto a target computer or network. Some of the most common methods include

  • Deploying phishing attacks that trick employees into clicking a malicious link or downloading an infected attachment.
  • Taking advantage of an organization’s Remote Desktop Protocol (RDP), which lets offsite workers log into its network. This can happen when a bad actor acquires an employee’s login credentials and then downloads ransomware to their machine. RDP attacks can also be carried out via a network’s servers if they have been infected.
  • Exploiting security vulnerabilities in other commonly used applications.  

How to prepare for a ransomware attack

  • Hire cybersecurity experts to conduct a 360-degree risk assessment of your systems. They can help identify potential weaknesses and develop an actionable, comprehensive plan for improving your defenses. Digital Silence has a dedicated offering for this called Ransomware Assess.
  • Implement a plan for regularly backing up all critical information, and then test those backups to make sure the information is actually being saved. The backups should be stored outside your organization’s network, possibly offline, to protect them from a ransomware attack.
  • Train (and retrain) your team to recognize phishing attacks so they don’t click malicious links or download ransomware disguised as PDFs and other files.
  • Create a process for constantly updating operating systems and software with the latest security patches.
  • Make it harder for your team to accidentally download ransomware. That could include using current antivirus software that scans all downloaded software before executing. Or restrict most users’ permissions from installing software applications unless their role calls for it. 

Responding to a ransomware attack 

Small and midsize companies should consider contracting with a digital forensics team such as Digital Silence, with expertise in handling ransomware attacks. They can quickly assess how the attack was executed and plug any holes in your security. 

Fast-moving experts can also diagnose the scope of the ransomware infiltration and, if possible, prevent it from corrupting other parts of your systems. Depending on the type of attack, they may be able to decrypt your files without paying a ransom to the attackers. Or failing that, they could clean your systems and restore your files from previously created backups. 

As these types of incidents become more common, smart organizations will have a plan in place before the worst happens. If your company wants to assess your current cybersecurity and develop a plan, let’s talk.

Are you experiencing a
Security Incident?

We are here to help 24/7. In addition to providing immediate assistance, Digital Silence offers a suite of remediation services designed to help organizations get back to business.