EXECUTIVE SUMMARY:

An unnamed company allegedly spent millions to recover data after a devastating ransomware attack. Per the negotiated agreement, the cyber criminals provided a decryption key. However, the company’s executives failed to ascertain the reason for the breach. As a result, a second ransomware ruse slipped through systems a mere two weeks later.

This event serves as a cautionary tale for other enterprises. While it’s probably already on your checklist, should you fall victim to a ransomware attack or another type of breach, be sure to identify the root causes. How did the criminals embed themselves into systems in the first place?

Without this knowledge, a ransomware group may continue to retain and leverage valid administrative credentials or zero-day exploits that enabled initial entry. While post-event analysis is costly and requires extensive human resources, it’s worth the trouble. Otherwise, your organization may have to shell out ransomware payments multiple times over.

“Recovering from a ransomware incident is rarely a speedy process. The investigation, system rebuild and data recovery often involves weeks of work,” say NCSC experts.

Ransomware resurgence:

In recent months, experts have witnessed a resurgence of ransomware and ransomware variants. In the past 6 months alone, organizations have seen a 57% increase in ransomware attacks. Since the start of 2021, the number of organizations hit with ransomware has grown at a rate of nearly 10% per month.

When it comes to Transport Layer Security, ransomware attacks have reportedly increased by 500% since March of last year. On top of that, the total amount paid by victims of ransomware breaches has increased by more than 300%. This is the rough equivalent of $370 million worth of cryptocurrency. These realities highlight the importance of everyday threat prevention and larger-scale next-generation cyber security architecture.

Everyday ransomware reminders:

  • Ensure that your systems are up to date
  • Apply multi-factor authentication wherever possible
  • See to it that your organization has multiple data backups, following CISA’s model
  • Apply zero-trust or ‘least privilege’ access capabilities
  • Alert colleagues about the potential consequences of responding to unsolicited emails or links
  • Adopt more sophisticated threat prevention infrastructure

Ransomware attack methods and types:

Computers can become infected with ransomware through a variety of different means. Malicious ransomware emails represent common threats. ‘Drive-by’ downloading, which occurs when users unknowingly scroll over malicious online material, is a common delivery method. Web-based instant messaging also represents an avenue of attack.

Over the past six months, Maze and Ryuk ransomware have taken center stage. The ransomware scene largely consists of several major ransomware gangs that reap most of the financial rewards. Only 199 different cryptocurrency deposits receive 80% of all ransomware payments.

Nearly 50% of ransomware attacks occur within the United States. The UK, the Netherlands and Germany also represent targets, but see much lower rates of attacks.

Ransomware affects organizations of every variety. Industries that represent particularly common attack targets include the government and military, manufacturing, banking and finance. Paying ransoms is not recommended. If negotiating with the hackers is a last resort, billion-dollar enterprises should prepare to spend millions, according to expert Jason Kotler. What really pays is to invest in better cyber security.

For more on the latest ransomware news, visit Tech Republic.