Cybersecurity issues have dominated the news cycle lately, and with good reason. Attacks utilizing ransomware — a type of cyber malware that holds data or networks captive while demanding a ransom — have surged over the last year and are at an all-time high. Consider that by the end of 2021, ransomware is expected to attack a company every 11 seconds and cause damages of $20 billion, which is 57 times the amount of damage recorded in 2015.
Understanding the Threat
Ransomware operates by encrypting files on a device, setting off a domino effect of far-reaching consequences as the files and systems that rely on the now-encrypted files become unusable. The perpetrators then demand ransom in exchange for decryption, often threatening to sell or leak information if the ransom isn’t paid. Any individual or company using a computer connected to the internet or a network is at risk.
Ransomware is an evolving form of cyber threat, and the culprits are becoming more sophisticated and agile. Several global dynamics have fueled the increase in attacks by creating a digital climate ripe for exploitation. The COVID-19 pandemic is one factor, as the record number of people working remotely introduced many IT vulnerabilities. Other contributors are the rising prominence of cryptocurrency, which can be difficult to trace, and escalating political tensions with Russia, the alleged home base of many ransomware attackers.
A Costly Enterprise
The consequences of these online incidents are costly and tangible, from business downtime to millions paid in ransoms. Recent occurrences have targeted critical U.S. infrastructure components, impacting both food and fuel supplies, and the effects of similar attacks have been felt right here in Massachusetts.
In June 2021, the Russia-based hacker group Nobelium, known for its role in 2020’s devastating SolarWinds hack, breached the networks of Waltham-based email provider Constant Contact. It is suspected that many email servers marked the resulting phishing messages as spam and mitigated some of the threat. Still, the attack’s reach and potential damage were huge; this single campaign gave the hackers access to more than 3,000 email addresses across 150 organizations and 24 countries.
Another June 2021 cyberattack targeted the Massachusetts Steamship Authority, impacting the company’s website and ticketing procedures. Ferry service was able to continue, but the business repercussions were immediate. The Steamship Authority was forced to launch a new website while it fought to recover its original one, and it incurred additional costs due to waived booking and cancellation fees.
Shore Up Vulnerabilities
No company is immune from cyber threats. However, companies can take steps to secure their internal processes and data storage practices, which can help protect against attacks.
Practicing good cyber hygiene is one important precaution, particularly when it comes to opening links in emails or on websites, as phishing campaigns often foreshadow ransomware attacks. According to reports, 91 percent of all cyberattacks begin with phishing. Tightening email security can plug a crucial hole in an organization’s security. Habits such as utilizing spam filters, configuring firewalls and scanning all incoming and outgoing messages will help prevent malicious emails and links from entering an organization’s network. Employees should also be trained to recognize phishing and other threats.
In addition to cyber hygiene, companies should diligently monitor their systems to ensure all are current and operating as intended. Keeping networks patched and software up to date will close gaps that could allow malware to slide in.
Finally, companies should always plan for the worst-case scenario. Being prepared with a thorough and tested incident response and business continuity plan will help a company maintain its footing if it falls victim to a cyberattack. As part of this plan, systems should be backed up regularly, with the backups, all the way down to login credentials, kept separate from the network.
The threat of malware attacks is larger than it’s ever been, and there are no indications of things slowing down soon. Companies must stay vigilant and take appropriate steps to minimize the risk of exposure and the enormous business and financial complications that can follow.