According to ZDNet, the largest ransomware demand now runs upwards to $30 million. In addition, the average ransom paid in exchange for a decryption key necessary to unlock encrypted networks rhas climbed from $115,123 in 2019 to $312,493 in 2020, which represents a 171 percent year-over-year increase (and is the latest figure available).
These data patterns suggest that cyber criminals are having some success as a result of ransomware attacks, and feel confident they can charge more. Ransomware is a type of malware from so-called ‘cryptovirology’ that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. Cryptovirology is an emerging field that studies how to use cryptography to design powerful malicious software.
To understand the new corporate risks and what businesses can do to minimize the attack likelihood, Digital Journal spoke with Jeff Brown, who is the CEO at the company Open Systems.
How do ransomware attacks start? Brown’s analysis suggests: “Successful ransomware attacks start long before victims receive demands from the cybercriminals. These types of attacks start with an initial breach where the threat actor’s goal is to establish a foothold in the environment and then do further reconnaissance to locate the victim’s critical data.”
It is here there is the greatest vulnerability, as Brown contends: “It’s during this initial breach phase that companies have the best chance to stop the attack before it takes hold – possibly limiting it to just a single compromised device or even containing the attack before the threat actor achieves their ultimate objective. However, businesses need to know as soon as possible that a breach has occurred in order to it contain it as early in the cyber-kill chain as possible.”
Tackling this is not straightforward, Brown explains: “It is very difficult for businesses to continually monitor for breaches, particularly given the global shortage of cybersecurity talent.”
In terms of what to do next, Brown recommends seeking external provider provision: “Organizations that need assistance addressing ransomware and other cyberthreats can get the expertise and responsiveness they need by partnering with a managed detection and response provider. An experienced MDR provider can efficiently and effectively identify and contain cyberthreats on the enterprise’s behalf based on a pre-authorized playbook.”
