The Threat of Ransomware to Businesses

Almost every business needs modern technology to stay competitive in their industry. This can even include housing proprietary company information and procedures on cloud platforms. Despite the business advantages digital transformation offers, it also opens up new risks you need to effectively manage. One risk that needs to be managed is the threat of a ransomware attack.

A Ransomware Attack is a type of malware assault in which the attacker seizes the user’s data, folders, or entire computer until a “ransom” price gets paid. This article will discuss what makes ransomware deadly to a business’s infrastructure.

How a Ransomware Attack Works

Most attackers use typical phishing emails to launch ransomware attacks. These emails allow the infected file to access the victim’s computer if the victim downloads a file from the email. In most circumstances, attackers use PDF, DOC, XLS, or other common file types to hide the ransomware.

The ransomware code takes over the victim’s system as soon as a file with malicious code is downloaded on the victim’s device. Ransomware can also remain dormant on a device until a user interacts with the file carrying the code. Depending on the computer’s settings, ransomware may proceed to attack files, folders, or the entire system.

The Risks Businesses Face from Ransomware Attacks

Ransomware attacks come with several dangers, including the potential loss of access to crucial files and delays in key corporate operations. Many businesses experience extended periods without access to important files, costing thousands or even millions of dollars in lost productivity.

In addition to the delays in company operations, companies need to pay ransom to cybercriminals. However, even after paying the demanded sum, the vast majority never recoup all of their data. Additionally, afflicted organisations still need to revamp the cybersecurity measures they take after a ransomware event.

To make matters worse, malware attacks on a company’s data also wreak havoc on its public image. As one might expect, customers and business partners will have less faith in a company if it fails to protect its data.

How Much Do Ransomware Attacks Cost?

SamSam ransomware alone earned $1 million in ransom money in the first quarter of 2018. For the most part, medical institutions and healthcare organisations are more susceptible to ransomware since they are more inclined to pay if their systems are in danger of infection. According to a Sophos report, 66% of healthcare organisations experienced a ransomware attack in 2021.

In 2017, ransomware attacks on financial institutions infiltrated 90% of the sector, according to industry estimates. Comparing Q4 2018 to Q4 2019, the average ransomware demand rose to $84,116.

Although some industries are more likely to be attacked, ransomware attacks can impact any business.

• Worldwide cybersecurity increased from $183.2 billion in 2019 to $230 billion in 2021.
• According to a 2019 Emsisoft analysis, ransomware attacks cost more than $7.5 billion in 2019.
• According to 2020 research from Coveware, the average cost of ransomware attacks in the fourth quarter of 2019 increased by 104%. This increase was based on $41,198 in Q4 2018.

Furthermore, 2021 was a crucial year for ransomware. Although most businesses decide not to reveal ransomware payments, some victims have done so. By doing this, they may highlight the threat of ransomware for up-and-coming business owners while assisting law enforcement and cybersecurity researchers in combating it.

Real-World Examples of Ransomware Attacks

While businesses continue to become more aware of ransomware attacks, they still regularly occur. Here are just a few of the countless real-world examples of ransomware attacks:

Acer

REvil is a group alleged to be behind several recent ransomware assaults. The group hit PC maker Acer with a $50 million ransomware demand in March 2021. The hackers turned down Acer’s offer to pay $10 million in return. In October 2021, a second hack on Acer’s servers in India occurred; this time, the Desorden Group was responsible for the data theft.

Brenntag

In May 2021, the top German chemical producer Brenntag paid a DarkSide RaaS attacker a $4.4 million ransom. The group’s North American servers were the target of the ransomware attack, and the hackers said they had taken over 150 GB of data. Despite denying having acquired the credentials, the attackers claimed to have accessed Brenntag’s systems through stolen credentials.

CNA Financial Group

In March 2021, CNA Financial Group, a Chicago-based insurer, paid a startling $40 million to ransomware hackers just two weeks after a significant data breach.

According to reports, the cybercriminals allegedly created Phoenix Locker ransomware. This ransomware reportedly got employed by the Russian cybercrime group Evil Corp. The FBI offered a $5 million reward in 2019 for information that resulted in the capture of the group’s suspected leader.

JBS

JBS is the largest beef supplier in the world, and they paid cybercrime group REvil an $11 million ransom following an attack in May 2021 that forced the closure of operations in the US and Australia. The payment, according to JBS, was given to guarantee that the stolen data would not be exposed, even though the company could repair most of its systems on its own.

Colonial Pipeline

The Colonial Pipeline is the largest refined oil pipeline system in the US, pumping a maximum capacity of up to 3 million barrels between New York and Texas daily. Thus, it is not surprising when it made headlines across the globe on May 7, 2021, when it was subject to a DarkSide RaaS attack.

Colonial Pipeline immediately decided to pay, but not before fuel shortages in the Southeast US increased and hours-long lines started to form at petrol stations. A month later, the US Department of Justice declared that it had successfully recovered about $2.3 million of the ransom.

Conclusion

Security teams need to be more aware of the threats posed by ransomware as it continues to expand across industries as a threat every business needs to mitigate. Fortunately, you can effectively reduce your risks of falling victim to a ransomware attack by taking a comprehensive approach to cybersecurity.

Here at Pentest People, we created our Ransomware Defence Assessment, to actively mitigate the threats and risks of ransomware attacks against businesses.

‍