Ransomware attacks continue to increase. Despite some victories (recovery of most of the Colonial Pipeline ransom) the "bad guys" are still winning the war. Basically, they have all the advantages. "Ransomware-as-a-service" provides novice hackers with a kit for about $50. The real professionals are often supported by nation states.
When organizations do not take steps to keep their data and systems safe, the result is a devastating attack, and ransom is only part of the cost.
Steve King has just reposted an article originally published 12/18/2019 on ransomware risk management. The full article is at https://www.bankinfosecurity.com/blogs/ransomware-risk-management-11-essential-steps-p-2841. Here are his recommendations:
- Back up systems, locally and in the cloud. Test the backups.
- Segment network access so attackers can't compromise the entire network.
- Use "least privilege" - users should only be able to access what they need.
- Implement early threat detection; use network monitoring systems. Most attacks can be deterred by patching.
- Install, and regularly update, anti-virus software.
- Train all employees, from top management down, in cybersecurity practices on a regular basis.
- Insist on strong password security.
- Block mail from unknown sources.
- Manage vulnerable plug-ins, including "bring your own device".
- Buy cyber insurance with full coverage.
- Do not pay ransom unless insured. (Insurance for ransom payments may not always be available, or may be prohibited by law.)
The cost of protection for a small or medium size business may be less than $100,000 plus insurance and training. Ransomware attacks may cost in the millions, including lost revenue, data restoration, regulatory fines and loss of reputation.