Ransomware has become one of the biggest threats to global cyber security. Across public and private sectors alike, businesses in every industry, and even critical national infrastructure, have felt the impact of ransomware attacks, which are causing huge concern and costing companies billions.
When an organization is shut out of its systems and denied access to its data by a successful attack, it is facing a range of critical decisions that will determine how quickly it will recover and how costly the ransomware incident will be.
But before that tipping point is reached, every leadership team should also be thinking about how they can proactively prevent ransomware from crippling their IT infrastructure.
So what is the risk of falling victim to a ransomware attack, what are the financial implications, and how can organizations build an internet security strategy to minimize the dangers of ransomware?
The scale of ransomware risk in 2021
According to the Harvard Business Review, 2021 has seen a “dramatic increase” in ransomware activity, and the scale of the problem shows no sign of abating.
Recent analysis, for instance, revealed that there were over 300 million attacks in the first half of this year alone – not only a new record high, but more than the total for the whole of 2020.
This is part of a broader malware issue that’s growing at a huge rate. The AV-TEST Institute registers over 450,000 new types of malware programs and potentially unwanted applications every day.
As a result, the annual levels of malware have risen dramatically – from just under 100 million in 2012 to over 1.2 billion during the last 12 months.
Attacks on critical infrastructure
Among the most high-profile ransomware attacks this year are those that have targeted critical infrastructure. Colonial Pipeline, for example, is said to have paid a ransom demand of $4.4 million to its attackers in order to fix the fuel supply problems caused by the disruption to its IT systems.
Of huge concern has also been the impact of a ransomware attack on the Irish healthcare system, which has been coping with weeks of widespread disruption. Services have been severely disrupted as personal information such as medical records, appointments and treatment plans was inaccessible electronically. Until recently, experts were expecting it to take many months before IT systems were fully returned to normal following the malicious attack on its operating systems.
In an unlikely recent turn of events, however, the attackers responsible for the ransomware breach unexpectedly provided the tool required to restore its systems for free, having previously demanded a payment of $20 million.
Whether this indicates a permanent change in tactics by cyber criminals and their interest in critical infrastructure remains to be seen. Many think it is highly unlikely and that attacks will continue.
The cost of ransomware attacks
The damage from cyber crime is expected to reach a total of $6 trillion this year, and looking at ransomware specifically, Cybersecurity Ventures predicts it will cost victims around $265 billion annually by 2031.
The biggest individual demands are now reaching eye-watering levels. Acer, for instance, is said to have been hit with a $50 million bill by its attackers following a ransomware attack in March this year.
And on average, large U.S. companies lose $5.66 million a year to the disruption caused by ransomware attacks, according to analysis from the Ponemon Institute.
It’s interesting to note, however, that actual ransom payouts account for less than $1 million of that average figure, with the rest coming from technology downtime and the resultant loss in productivity.
Building an effective ransomware prevention strategy
Shifting ransomware strategy onto a proactive footing is key to turning the tide. Organizations that keep their heads in the sand may continue to stay safe for a while, but as any cyber security expert will say, being on the receiving end of an attack is no longer a question of ‘if’ – it’s a matter of ‘when’.
Organizational leaders have a huge role to play, and many will need to think differently about ransomware, modernize their approach to cyber security and be prepared to implement change. This is not just about investing in new products; it is about identifying the major risk vectors associated with ransomware, such as those created by the move to remote working or the dangers endemic in the files shared in their billions every day.
When addressing cyber security, innovative leaders must fully engage with the issues, risks and opportunities. In doing so, they should challenge their legacy approaches to keeping their systems safe from attack – even if they have yet to be breached themselves. What’s more, by taking responsibility for driving positive, innovative change, leaders can bring their own skills to bear to work with trusted security partners and vendors to improve their levels of protection from ransomware related attacks.
As a result, there are a range of important contributing factors to building an effective defence against ransomware:
Ransomware awareness training – Don’t blame the users
When looking at the potential entry points for a ransomware attack, it’s tempting for organizations to focus attention on their users. This isn’t perhaps surprising given one recent study which revealed that human error is the leading cause of data breaches – with 88% coming through employee mistakes.
As a result, end user awareness training focuses on a wide range of potential risks, including those of a ransomware attack. The problem is, many of these awareness training sessions are little more than an exercise in box ticking.
They frequently focus on the basics, with employers then assuming their team will automatically mitigate every internet security risk in the book going forwards.
This is both unrealistic and dangerous. The increasing sophistication and opportunism of cyber criminals, for example, is resulting in email-based attacks that are becoming more convincing all the time.
For busy people under pressure, a momentary lapse in concentration can result in a cyber security breach – even when they have been given detailed ransomware awareness training.
Instead of placing their employees in the front line of their security strategy, organizations should be working to create a cyber security culture where training and technology combine in order to create an effective defence against attacks including those involving ransomware.
The dangerous over-reliance on ransomware insurance
Sensing the varied and growing risks, many organizations have turned to insurance as a way to mitigate the potential financial impact of a ransomware attack.
However, the recent increase in ransomware insurance payouts may be causing attacks to increase – some experts think that cyber criminals are purposefully targeting organizations who are known to have insurance.
The insurance industry is clearly uncomfortable with these trends. In France, the country’s largest general insurer, AXA, recently said that it will no longer reimburse ransomware payments for customers within the country. Soon after it made that announcement, its business in Asia was hit by a massive ransomware attack, described in some reports as “retaliatory”.
The Financial Times has said that the cost of ransomware cover is “surging”, and that “the severity and volume of incidents has led insurers to become much tougher with corporate customers.” In some quarters, there have even been calls for ransomware payments to be banned. For instance, Ciaran Martin, the former head of the National Cyber Security Centre (NCSC), recently “called for a dialogue over whether or not it is time to ban insurers from covering ransomware payments.”
Is it ever right to pay the ransom?
Whether victims opt to pay the ransom or not remains a huge area of debate. An official from the FBI recently told Congress that ransomware payments should not be banned, and according to a report in Dark Reading, the U.S. is now unlikely to make it “illegal for organizations to pay ransoms to regain access to data following a ransomware attack.”
Despite the pressure to resist paying the ransom, commercial pressures clearly influence decision-making in many of the organizations who become victims of ransomware attacks.
Recent research, for instance, revealed that six in ten would pay the ransom demands made by cyber criminals. This is despite the fact that paying out on a demand that accompanies a ransomware attack does nothing to guarantee that cyber criminals will provide the decryption software required to return systems to normal.
In fact, a study highlighted by Forbes suggested that as many as 92% of organizations that pay ransomware demands don’t get their data back.
How Glasswall prevents ransomware
New vulnerabilities, such as those exploited in the distribution of files and documents containing ransomware, can remain active and undetected for up to 18 days until antivirus and sandboxing technologies are updated to mitigate the risk or software fixes emerge.
During that window of vulnerability, unprotected infrastructure remains open to attack and as a result, zero day exploits have become a preferred way for cyber criminals and nation state hackers to gain access to networks or to deliver malware.
What’s more, one of the major challenges presented by file-based malware is that approximately 1 in every 100,000 files contains malicious content. Almost all of these (98%) are unknown to antivirus solutions when they are released – effectively making these risks invisible to reactive cyber security technologies.
Instead, security teams need to be given advanced tools so they can take a proactive posture to the risks posed by zero day vulnerabilities.
Glasswall takes a proactive approach to file-based threats – our Content Disarm and Reconstruction (CDR) technology identifies and removes risky, zero-day file-based threats from all files in moments – minimising the downtime and disruption often caused by traditional anti-virus or sandboxing solutions.
It’s time for another way
Glasswall’s approach proactively and instantaneously rebuilds files to a “known good” standard. Customers benefit from safe, clean files that have been rebuilt to the manufacturer’s published specification, removing any places for malware to hide.
The impact is dramatic and helps to restore trust across every stakeholder that their files are free from malware threats irrespective of where they may be in the supply chain.
The process requires no blocking and no patching, and produces no false positives to hold back important documents, delivering only safe, secure and trusted files.
As a result, every file sent or received – via email or the cloud – can be treated with confidence by organisations fully protected from file-based ransomware attacks.
Comprehensive use cases
Glasswall CDR has been developed to meet the needs of a wide variety of organizations who are focused on precise use cases. These include:
Cloud native integrations – The Glasswall CDR (Content Disarm and Reconstruction) platform is a cloud native, open architecture solution that’s infinitely scalable so users aren’t locked into proprietary technologies or service providers. Integration is refreshingly easy – we follow API-first, standards compliant design and integration connectors are free of charge. Just as we’re able to deploy the Glasswall CDR Platform to hosted environments for our customers, we believe you should be able to use Infrastructure-as-Code (IaC) scripts to deploy the solution into your hosting provider environments.
Data migration – Trust boundaries are everywhere. A cross domain plug-in provides a vital air-gap for files moving between trust boundaries, whether they’re inside the organization or across a public network. To migrate or synchronise file transfers across two or more storage locations, Glasswall CDR ensures that threats can be removed as they transition from folder-to-folder or across a domain interface. Multiple connectors are available to define how the Cross Domain Plug-in communicates with storage repositories before passing the file to the Glasswall CDR Platform for threat removal.
Metadata removal – Reduce the risk of sensitive information being leaked to a third party with Glasswall CDR. Most file formats have associated metadata that comes with the visual data. While this information can be helpful, it also poses a security risk. By removing metadata from every document sent or received, every file that has been Glasswalled minimises the risk of accidental information leaks.
Malware risk removal – Trust your files again – Glasswall CDR disarms and secures every file in real-time. Today’s popular file formats offer many places for malware to hide, and there have been over 300 million ransomware attacks in the first half of 2021 alone. Glasswall removes malware by cleaning and rebuilding files to match their ‘known good’ manufacturer’s specification.
Secure email – Protect your organization from the most stubbornly popular attack vector. With Glasswall CDR users receive secure emails at the speed of business. Glasswall proactively removes threats from every email without delay. Every attachment that comes through is cleaned and rebuilt so it is completely secure. The CDR technology analyzes and disables links within the body of an email by policy to limit the risk of phishing email attacks. As a CISO you can sleep easier knowing your files have been Glasswalled.
SDK Integration – Glasswall SDK Integration enables users to determine how analysis and threat removal integrates into their business workflow using REST-based APIs. It uses a cloud native Kubernetes-based architecture allowing for massively parallel processing scale, which can be deployed within a public, private or hybrid cloud environment and does not require online access to operate.
File uploads and downloads – To reduce the risk of file-based threats, Glasswall gives users the freedom to download files from the internet without putting their organization at risk by instantly securing files that are uploaded to or downloaded from the web.