The serious consequences of ransomware on organizations.
What is ransomware?
Ransomware is a type of malicious software, or “malware”, that modifies and encrypts files on devices and computer systems, causing them to crash or cease to function. It enters the system through the action of cybercriminals or organized criminal groups, in many cases via malicious e-mail messages that appear legitimate. When a victim opens one of these emails and follows its instructions, the ransomware silently begins locking files until the device it entered through, or even the entire computer system, is locked. Often, this locking of the computer system leads to the total or partial paralysis of the organization’s activity.
The ransomware program itself displays on-screen messages explaining that the system has been “hijacked”. The message usually demands payment of a ransom in cryptocurrency in exchange for the key that would unlock the system and restore normal operation. Authorities recommend not paying the ransom: even if you pay the amount requested by the cybercriminals, there is no guarantee that the unlock key will work.
One of the reasons for the boom in ransomware attacks is the potentially high return it offers cybercriminals in exchange for a low level of risk, to such an extent that it has become a kind of business model, obviously of an illicit nature.
Consequences of ransomware.
The seriousness of the consequences of an IT system crash is obvious given the total dependence of every organization on its IT systems. In many cases, companies and public administrations affected by ransomware are forced to halt their activities temporarily: partially at best, although in some cases the cessation of operations may be total for hours or even several days.
The consequences can be broken down into several groups:
Payment of a ransom.
In cases where, despite being advised against it, the affected organization decides to pay the ransom, the amount paid is already a loss, as it is an unbudgeted expense. The amounts demanded range from a few hundred euros, through several thousand, to millions of euros.
Economic and reputational losses resulting from the cessation of operations.
In many cases, this is the most worrisome item. For example, in 2021 the Sinclair Broadcast Group suffered a ransomware attack that resulted in losses of about $63 million from advertisements that could not be aired because of the attack. The State Public Employment Service (SEPE) suffered a cyber-attack on March 9, 2021 that prevented access to its website, and the perpetrators demanded financial compensation. The list of affected organizations and attacks keeps growing.
Cost of repair and return to normal.
This group of consequences includes items such as the working hours of the affected organization’s own staff and the costs of hiring external teams specialized in helping organizations affected by ransomware to return to business as usual.
Layoffs.
Financial losses may be accompanied by layoffs resulting from the adjustments that organizations must make after suffering ransomware attacks. The layoffs may affect employees at all levels as well as managers, including those who were in charge of cybersecurity and those who had nothing to do with safeguarding digital security.
Data leaks.
More and more organizations are prepared to recover from ransomware attacks by restoring backups, without having to consider paying the ransom. Faced with this reality, cybercriminals have developed strategies such as exfiltrating sensitive data during the attack and tying payment of the ransom to not making that data public. In this way, the attackers carry out a double extortion attempt.
Sensitive types of data may include medical records, personally identifiable information or login account credentials. It is also possible for cybercriminals to threaten to publish proprietary information such as new product plans, market development or highly confidential technical specifications.
How can organizations protect themselves against ransomware?
Overall, the cost of preventing ransomware attacks is vastly lower than the combined cost of all the consequences described above. Prevention of ransomware attacks is carried out on two main fronts.
Technological defense.
There are multiple methodologies and technologies aimed at detecting and preventing ransomware intrusions into organizations’ computer systems, ranging from mass filtering of suspicious emails and filtering of network traffic to event monitoring.
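One form the event monitoring mentioned above can take is a heuristic over file-write telemetry: ransomware, as described at the start of the article, rewrites many files with encrypted (near-random) content in a short time, which ordinary applications almost never do. The following is an added example written for this page, not code from the original article or from any product; the process names, paths and events are constructed.

```python
import math
from collections import defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted output approaches 8.0, ordinary documents sit far lower."""
    if not data:
        return 0.0
    n = len(data)
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())

def flag_mass_encryption(events, window_s=60, min_writes=5, entropy_threshold=7.0):
    """Return {process: count} for processes that rewrote at least `min_writes`
    files with high-entropy content inside any `window_s`-second window.
    `events` is an iterable of (timestamp_s, process, path, written_bytes)."""
    high_entropy_ts = defaultdict(list)
    for ts, proc, _path, data in events:
        if shannon_entropy(data) >= entropy_threshold:
            high_entropy_ts[proc].append(ts)
    flagged = {}
    for proc, stamps in high_entropy_ts.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window_s:  # slide the window forward
                start += 1
            count = end - start + 1
            if count >= min_writes:
                flagged[proc] = max(flagged.get(proc, 0), count)
    return flagged

# Constructed sample events (hypothetical process names and paths, not real telemetry).
PLAINTEXT = b"Quarterly report: revenue up 4%, headcount stable, see appendix B. " * 4
# Stand-in for encrypted output: every byte value exactly once, so entropy is 8.0 bits/byte.
CIPHERTEXT = bytes((i * 37 + 11) % 256 for i in range(256))

SAMPLE_EVENTS = [
    (1000, "editor", "/share/finance/q1.docx", PLAINTEXT),
    (1030, "editor", "/share/finance/q2.docx", PLAINTEXT),
] + [
    (2000 + i * 2, "unknown-proc", f"/share/hr/file{i}.docx.locked", CIPHERTEXT)
    for i in range(8)
]

if __name__ == "__main__":
    print(flag_mass_encryption(SAMPLE_EVENTS))  # {'unknown-proc': 8}
```

In a real deployment the events would come from an EDR or file-audit feed, and the thresholds would be tuned against a baseline of the organization’s own backup and compression jobs, which also write high-entropy data.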
Another area of technological defense is to have backup systems accompanied by laboratory-tested rapid recovery procedures ready to be implemented in the event of a real attack.
Awareness of the entire workforce.
Although technological defense strategies can be very effective, cybercriminals also rely on tactics that deceive users in order to achieve their malicious goals. These tactics include “trap” emails, website spoofing, phone calls, SMS and WhatsApp messages, and a wide range of other infection methods.
The best defense against these tactics is to establish an ongoing digital security culture throughout the workforce. The basis of this culture is training, very often online courses such as SafeUser, aimed at making users aware of possible attacks, practising how to identify them, and learning how to react in the most appropriate way.
In addition to this education and training, it is highly recommended that cybersecurity be a regular part of corporate communications. This keeps the workforce permanently alert to the incessant activity of attackers and the constant refinement of their strategies.