Ransomware is a specific type of malicious software (aka malware) that locks up your devices or an organization’s data in order to ransom that access back to you – sometimes to the tune of millions of dollars. Computers lock up, data disappears, or files become encrypted with no way to recover them. The hacker will then contact their victim to issue conditions for payment to retrieve access. Not only has this cost many businesses millions of dollars, but there is never a real guarantee that paying the ransom will get you back your access. For this reason, law enforcement agencies don’t recommend paying it, but many companies do so anyway.

The big question of the day is how should organizations protect themselves against these targeted attacks? What is the best solution for preventing a ransomware attack? And, if you become a victim, how should you respond? Fortunately, while there is no way to defend against these malicious attacks completely, there is a way to build layers of defense into your cybersecurity strategy to mitigate the fallout of an infiltration.

Ransomware Attack Vectors

Verizon’s 2022 Data Breach Investigations Report (DBIR) highlights four key paths to breaches believed to contribute to ransomware invasions. They are, botnets, exploiting an organization’s system vulnerabilities, phishing and stolen credentials.

Botnets are a network of computers that have been hijacked with malware. The hacker gains the ability to remotely control a victim’s network to do things like mine cryptocurrency or send spam. These can also be leveraged to launch a ransomware attack when different cybercriminals partner up to compromise a system.

System vulnerabilities are technical issues that can lead to attacks. While these kinds of breaches have doubled in the last year, they make up only 7% of successful data breaches. This vector includes bugs in your product, firewall issues, and unpatched system exploits. Third-party vendors, partners, and supply chains can also leave organizations vulnerable.

Phishing is the most likely attack vector used to infiltrate a user’s system or hacking to hijack your system passwords. Phishing scams are becoming incredibly sophisticated, so even the savviest users fall into this trap. According to the DBIR, 35% of ransomware incidents involve the use of email.

However, of all the methods, stealing credentials via simple hacking methods is still one of the simplest and most direct ways to penetrate an organization’s security. Too many users rely on weak passwords – the most common security vulnerability – to protect their accounts. In 2019, weak passwords caused 30% of ransomware infections, and it’s still a major problem for organizations in 2022.

Weak Passwords and Ransomware: A Perfect Pair

Criminals know quite a few methods to steal your credentials, from dictionary attacks to password spraying. And weak passwords are the driving force behind the success of these attacks. When users create passwords that hackers have already exposed in previous data breaches or with common words, combinations, and phrases, threat actors can use relatively easy methods like credential stuffing and password spraying to crack an account. It’s a numbers game that favors the assailant.

When passwords are created with these weaknesses, even encrypting passwords isn’t enough to prevent an attack. Advanced security measures just aren’t enough to protect your networks and systems if your employees and users aren’t building strong, unique, and uncompromised passwords. Unfortunately, this leaves too many organizations with a false sense of security regarding their susceptibility to a ransomware incident.

When hackers infiltrate an organization this way, it’s simple to log in and download malware that will interfere with data backups, encrypt system access, or even spread malignant code to other devices connected to the network.

So, You’re the Victim of a Ransomware Attack: What Now?

Ransomware response can vary greatly depending on your business. Experts recommend shutting down your network to stop the spread of malware once you become aware of an event. Disconnect all devices known to be infected, and consider disabling network connections. Before restoring anything from a backup, you need to ensure that your backups haven’t been compromised too. Employ a clean network to reinstall the OS, and run trusted antivirus software. And always remember that paying a ransom to get your critical business systems back online as fast as possible might be tempting, but it could end up netting you nothing in return. More information can be found in the NCSC guide: Technical Approaches to Uncovering and Remediating Malicious Activity.

Taking the Initiative to Prevent a Payout

According to the DBIR, ransomware attacks are rising rapidly. They make up 25% of total breaches and have increased 13% over the previous year. This surge is greater than the last five years combined. Criminals have discovered that ransomware attacks can net significant profit and are accelerating their efforts to penetrate more businesses and industries worldwide.

The best course of action you can take now is to implement and reinforce a layered defensive strategy before a threat actor comes for your systems. This means being proactive by taking steps like scheduling regular backups for your most important files, practicing good password hygiene, and promoting a cybersecure culture across your organization. Ransomware is a complex problem that is only getting worse as criminals get more creative. Businesses need to address every threat vector and build out multiple safeguards on different fronts to be ready in the event of a ransomware attack. We all need to do our part to stop cybercriminals from profiting from gaps in our security.