As a type of malicious software used by cybercriminals, ransomware destroys certain sensitive data or critical systems, or prevents a person or business from accessing them, until a ransom has been paid to the party initiating the attack.
Ransomware is particularly dangerous and disruptive, as it typically involves data or devices being suddenly locked and unavailable, without warning. Attacks occur either as social-engineered ransomware, which uses phishing where the attacker poses as a legitimate company or website to trick a victim into clicking a link or opening an email attachment; or as human-operated ransomware, where an attacker steals account information to gain access to an organisation’s IT network, then targets information and systems which they can infiltrate.
Once a breach has occurred, the attacker installs the ransomware so that their targets become inaccessible to those who own them. For example, they might encrypt files or lock data. The victim is then asked to pay a considerable sum of money (often in cryptocurrency) to get their access back. In the majority of cases, they oblige, to avoid the potentially devastating consequences to reputation and operations. Sadly, paying does not necessarily guarantee a happy ending.
Businesses around the world are increasingly being impacted by more frequent and sophisticated ransomware attacks. Indeed, the European Union Agency for Cybersecurity (ENISA) recently reported that between May 2021 and June 2022, approximately 10 terabytes of data were stolen every month as a result of ransomware threats. Almost 60% of the files stolen contained personal data relating to employees.
Microsoft has also confirmed “a massive growth trajectory for ransomware and extortion”. In 2021 alone, ransomware attacks shot up by 935%.
Prominent examples have included the Human Resources giant Kronos, which suffered an attack in December 2021 compromising its client cloud payroll and time-off systems; U.S. fuel pipeline Colonial Pipeline, which was shut down in May 2021 after a ransomware attack exposed the personal information of thousands of employees, resulting in soaring gas prices across the American East Coast and costing the company $4.4 million; and German chemical distribution company Brenntag, which had its network breached in April 2021 through stolen credentials, exposing the birthdates, Social Security numbers and driver’s license details of more than 6,000 individuals, as well as some medical data. This also ended up costing $4.4 million.
What you can do about it
Inevitably, strengthening and maintaining your organisation’s security posture will help protect you from these significant threats. What’s more, you’ll actually save money in the long run – by avoiding costly remediation and even worse, the possibility of having to pay cybercriminals.
Microsoft’s extensive security suite provides you with everything you need to stay confident and protected. Here are a few important steps you can take to make this happen.
1. Reduce your overall risk
By focusing on removing any potential security vulnerabilities in your IT infrastructure, you can thereby make it harder for opportunists to breach it. For example, Multifactor Authentication (MFA) is a proven and easy way to protect your employees’ devices.
2. Install antimalware
It sounds obvious, but the most effective way to stop ransomware is by installing a solution that directly combats it. Effective antimalware can detect and mitigate threats – for example, Microsoft Sentinel, Microsoft 365 Defender, or Microsoft Defender for Cloud.
3. Provide regular training
By ensuring that all your employees stay up to speed on the latest threats and how to spot them, you can ensure that everyone across your organisation adopts a best practice approach to IT security and protection – which makes a big difference.
4. Move to the cloud
Cloud-based services such as Azure Cloud Backup Service, Azure Block Blob Storage Backup, or Office 365 Backup and Recovery Services create a safer environment for you to store and retrieve sensitive data. Plus, if this information is compromised, it makes it faster and easier for you to recover it.
5. Adopt a Zero Trust approach
65% of organisations haven’t implemented Zero Trust. Zero Trust consists of three pillars: explicit verification, least privilege and assume breach. Evaluate all your devices and the access requirements of employees before allowing them access to corporate applications, files, databases, and other assets. That way, you make it much less likely for a malicious identity or device to breach your systems and install ransomware.
6. Keep software updated
Make sure you promptly install system updates and software patches as they become available.
Be ready to respond
If you are faced with a ransomware breach, it’s critical to be prepared. Take time now to plan out your course of action and the specific steps you will take to mitigate different attacks, so you can minimise any impact and get operations back to normal as quickly as possible if the worst occurs.
Depending on the severity of the ransom requested, you might be tempted to pay it there and then to solve the issue and stop the disruption. But although that seems logical, unfortunately you’re dealing with criminals – who may have no intention of keeping their word and may never give you back the access to your data. Indeed, most ransomware security experts advise against paying attackers anything, for this reason; not to mention that you would be funding illegal activity by doing so.
Instead, focus on what you can do personally, as individuals and as an organisation, to reduce the damage done by the incident. Where possible, isolate any data that has been compromised as quickly as you can, to stop ransomware spreading. Run your antimalware across everything, and ensure it’s updated to protect against any further attacks. And report everything to the police, to help them track activity and take action.
How we can help
Transparity has extensive experience in creating and maintaining strategies to keep your business secure and prevent ransomware from compromising it.
We are experts in securing and maintaining modern work environments. Our advanced Managed Security Service helps you to mitigate threats while minimising the effort and hassle of IT security operations, while our dedicated Threat & Vulnerability Assessment offers an accurate overview of your IT environment status and highlights specific areas for security improvement.
Take advantage of our Microsoft-funded workshops to enjoy in-depth guidance on these topics and improve your security posture. Explore Microsoft’s extensive security toolset, analyse current threats and create a strategic security plan to protect and govern your organisation’s data.