TechTalk Tuesday Logo

Ransomware has been a common threat to organizations for years now. Using phishing emails, hackers trick employees into clicking on infected attachments, encrypting all the company’s files. The cybercriminal then extorts the business, asking for thousands of dollars in cryptocurrency in return for the decryption key.

Your company may think it knows all it needs to know about ransomware. But does it?

Cybercriminals have been hard at work changing the ways they stage ransomware attacks to make them harder to avoid. The ransomware itself has evolved, empowering it to delete backup files.

Here’s an overview of 3 things your company needs to know about today’s ransomware in order to defend against it:

ransomeware-attacks-can-happen-often1) Ransomware attacks happen more frequently than you know.

Cybercrime Magazine predicted that ransomware attacks will hit organizations every 11 seconds in 2021. The frequency of ransomware attacks has steadily increased since they gained notoriety in 2016.

According to The New York Times, in 2019 a cybersecurity firm that helps companies hit by ransomware reported that over 205,000 companies submitted files that had been affected by ransomware attacks. This number reflects a 41% increase from the previous year.

The general public may hear about ransomware attacks when they get covered in the news. However, these high-profile attacks are just the tip of the iceberg.

2) Ransomware is a Business.

Ransomware as a service (RaaS) is real and it’s a business. RaaS can be purchased on the dark web for very low prices.

An aspiring cybercriminal can buy an RaaS kit and use it to stage attacks on companies without needing any expertise in coding. Instead, the hacker can deploy the ransomware through a web portal with a user interface. For an investment of under $100, an amateur hacker can earn tens of thousands or even hundreds of thousands of dollars from each successful attack.

Like other as-a-service offerings, RaaS is a cloud-hosted software. Cybercriminals sell it using a cloud-based subscription model. Some RaaS vendors may ask for a commission on any ransoms that are paid out. A RaaS user may even benefit from customer service and support from the vendor.

Forbes reported that one RaaS group is actively recruiting hackers to stage attacks. The group REvil posted an ad on the dark web looking for “affiliates.” REvil developers would receive a 20% to 30% cut of the proceeds of any attack, while the affiliate would earn 70% to 80%. 

ransomware-can-happen-more-than-once3) You can fall victim to ransomware more than once.

Unlike a real virus, victims of a computer virus such as ransomware do not develop immunity. If your company gets infected once, it could get infected again.

Even if your company pays the ransom, you may not be safe. The same security vulnerability that made you susceptible to attack in the first place could make you a repeat victim. Fool me once, shame on you. Fool me twice?

Hackers use social engineering to make their emails convincing to employees. Believing the infected email is coming from a co-worker or superior, the employee clicks on the attachment, releasing the virus again.

Some strains of the ransomware virus bypass phishing emails altogether, allowing the hacker to successfully target your company again even if you learned your lesson the first time.

Experiencing a major cyberattack also advertises your company as an easy mark for other cybercriminals.

The Best Defense Against Ransomware

Armed with new awareness, your company can better prepare for and protect against ransomware attacks. Domain name system (DNS) protection is one of the best weapons you can have in your arsenal. DNS is used by almost every device, so DNS protection is a great way to stop malicious activity at the foundation of the Internet before a threat can reach your company’s network or endpoints.

DNS protection can be supplemented by a robust backup and disaster recovery strategy. Having multiple backup files, including off-site backups, will foil any plot a hacker has to use ransomware to encrypt or delete mission-critical files. Immutable backup fixes your data so it can’t be altered or deleted by ransomware. Air gapping backups takes them offline so they can’t be accessed or corrupted by a ransomware attack.

FirstLight offers DNS Protection powered by Cisco Umbrella. Our DNS Protection uses artificial intelligence to identify new attack patterns so they can be stopped in their tracks before threatening your business. If your network has already been compromised, DNS Protection can contain it, lessening its effects. DNS Protection can be used in tandem with our cloud-based backup and disaster recovery services, providing both a prevention and quick remediation option to help you combat the rising threat of ransomware.

Get the details on how FirstLight DNS Protection can defend your company against ransomware and other threats. Access your copy of our solution brief.