Global businesses are faced with a perennial and constantly evolving threat – Ransomware. In the first half of 2020, there was a marked seven-fold jump in the number of ransomware attacks reported globally.
It is estimated that there will be a ransomware attack on businesses every 11 seconds by 2021, up from every 40 seconds in 2016 and the horrifying numbers do not stop there. According to forecast, global ransomware damage costs will reach $20 billion by 2021 — which is 57X more than it was in 2015.
As we conduct a retrospective impact analysis of ransomware attacks, it is clear that cyber felons are constantly honing their skills to capitalise on the evolving threat landscape.
We only have to look back to 2017 when WannaCry hit the headlines for affecting a reported 230,000 computers across 150 countries – a truly global attack with unprecedented scale.
Both public and private organisations, including hospitals, tertiary institutions and businesses worldwide were not left out from the trail of destruction WannaCry left in its wake. Just two months later, organisations in Europe and the US were crippled by another ransomware attack known as Petya.
Ransomware has enjoyed a great year in 2020, taking advantage of the rise of remote working to wreak havoc in a pandemic.
Companies had to rush to provide mobility solutions such as laptops, tablets and remote access to data and applications without setting up a proper data protection and management policy to ensure data is both protected and compliant.
This exposed companies to greater risks as malicious actors can now target more end-point client devices.
According to the Veritas Ransomware Resiliency Report, the average enterprise has been the victim of 1.87 ransomware attacks. Governments are starting to pay attention to the threat posed by ransomware and taking action against it.
The FBI has issued warnings, and the state of Oklahoma just voted to outlaw ransomware after it cost computer users at least $1 billion in 2019.
Ransomware in the post-pandemic era
The risk will grow exponentially as we pivot into the age of the hybrid working model and employees are empowered to work-from-everywhere. We are only three months into 2021 and DearCry has emerged, exposing the vulnerabilities of Microsoft Exchange Server.
The emergence of DearCry in response to the Microsoft Zero Day vulnerability is a textbook example of how ransomware can remain dormant and attack once again. Worryingly, less than half of respondents in our Ransomware Report have tested their disaster recovery plans within the past two months.
It is important to note that as companies continue to drive digital transformation, the IT environment will only become increasingly complex. Enterprises must do more on robust resiliency planning or risk the dangers of a data gap.
The Veritas Hidden Threat of Business Collaboration Report revealed that 71% of employees globally admit to sharing sensitive and business-critical company data using instant messaging and business collaboration tools.
58% of employees globally were also reported to be saving their own copies of information they share over IM. Companies are exposed to boundless risk when employees misuse IM are taking data out of control.
When business data is sprawled across different locations, the companies are exposed to data breaches, legal and compliance risks.
Attacks are getting more sophisticated as hackers zero in on high-value data from targeted industries like healthcare and finance.
As we continue to accelerate the shift towards a digital-first world, it is paramount to examine how we can improve resilience against ransomware.
What can organisations do about this?
Veritas believes that all ransomware defence strategies must be able to do four things: protect, detect, respond and restore.
Organisations that are focused only on the protection element are almost doomed to failure because there’s a good chance that they’ve already been compromised.
Data management solutions that are constantly monitoring the data estate for signs of ransomware initiation come into their own when threats such as DearCry strike.
Quickly alerting businesses to the sudden unexpected changes to files that are caused by the encryption process triggers users to move to the last two elements of their strategy. Being able to respond quickly to isolate the virus can help to contain the situation.
Knowing the precise point when files started to change will enable businesses to accurately find the last good backup copy of their data to restore and avoid having to pay the ransom demands they receive. They should be sure to remember, however, that this is treatment, not a cure – and remain alert to the reality that the ransomware may be sleeping, but it’s unlikely to be dead.
