Ransomware attacks continue to surge, and research shows the average ransom paid to criminals by victim organizations has tripled in the last year. Cybersecurity researchers found that the average ransom paid in North America and Europe rose to $312,493 in 2020. That is up from $115,123 in 2019. Criminals were bold enough in 2020 to demand a $30 million ransom in one instance. That is double the amount of the previous highest known ransom. The FBI has partnered with other U.S. and foreign law enforcement agencies to slow the spread of ransomware attacks, but these attacks will likely remain very relevant in 2021 because ransomware has become extremely lucrative for cyber-criminal gangs.
A solid backup plan will ensure that victim organizations can recover in the event of a ransomware attack. Backups should be created and tested on a regular basis to ensure a smooth and up-to-date recovery effort. It is also important to maintain “offline” backups that are not connected to the network. Many ransomware variants search for connected network or USB drives and will attempt to encrypt those as well as local file systems. Organizations should also have an incident response plan in place. A detailed plan should include response and notification procedures for a ransomware incident. Regularly patch software and operating systems to the latest available versions. Employ best practices for use of RDP and other remote desktop services: protect them behind a strong VPN with Multi-Factor Authentication (MFA), and audit any unusual login events from IP addresses or devices that differ from what the employee account normally uses. Threat actors commonly gain initial access through insecure Internet-facing remote services or phishing. When an attack makes it through the outer layers of defense, it is important to have a Security Operations Center or a managed security monitoring service with expert security analysts on duty, such as the Binary Defense Security Operations Task Force. The Task Force provides 24/7 monitoring of SIEM and endpoint detection systems to detect and defend against intrusions on an organization’s network. The Cybersecurity & Infrastructure Security Agency (CISA) provides excellent guides on how to prevent and deal with ransomware infections.
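An added example (not from the original article) of the login audit recommended above: it builds a per-account baseline of source networks and devices from past successful logins and flags events that fall outside it. The event tuple layout, account and device names, and the /24 grouping of IPv4 addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events, not real logs:
# (timestamp, account, source IPv4, device ID, result)
HISTORY = [
    ("2021-03-01T08:02:11Z", "alice", "192.0.2.10", "LAPTOP-A1", "success"),
    ("2021-03-02T08:05:40Z", "alice", "192.0.2.44", "LAPTOP-A1", "success"),
    ("2021-03-01T09:15:03Z", "bob", "198.51.100.7", "LAPTOP-B7", "success"),
    ("2021-03-02T23:10:00Z", "bob", "203.0.113.50", "UNKNOWN", "failure"),
]
NEW_EVENTS = [
    ("2021-03-03T08:01:00Z", "alice", "192.0.2.99", "LAPTOP-A1", "success"),
    ("2021-03-03T02:47:19Z", "alice", "203.0.113.50", "DESKTOP-X9", "success"),
    ("2021-03-03T09:20:00Z", "bob", "203.0.113.50", "LAPTOP-B7", "success"),
    ("2021-03-03T10:00:00Z", "svc-backup", "198.51.100.7", "SRV-01", "success"),
]

def network_of(ip, prefix=24):
    """Group addresses by /24 so DHCP churn inside one site is not flagged."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def build_baseline(events):
    """Record the networks and devices each account has logged in from."""
    baseline = defaultdict(lambda: {"networks": set(), "devices": set()})
    for _, account, ip, device, result in events:
        if result == "success":  # failed attempts must not define "normal"
            baseline[account]["networks"].add(network_of(ip))
            baseline[account]["devices"].add(device)
    return dict(baseline)

def audit(events, baseline):
    """Return (timestamp, account, ip, device, result, reasons) per unusual login."""
    findings = []
    for ts, account, ip, device, result in events:
        known = baseline.get(account)
        if known is None:
            reasons = ["no login history for account"]
        else:
            reasons = []
            if network_of(ip) not in known["networks"]:
                reasons.append("new source network")
            if device not in known["devices"]:
                reasons.append("new device")
        if reasons:
            findings.append((ts, account, ip, device, result, reasons))
    return findings

if __name__ == "__main__":
    for finding in audit(NEW_EVENTS, build_baseline(HISTORY)):
        print(finding)
```

Because only successful logins enter the baseline, the earlier failed attempt against `bob` from 203.0.113.50 does not make that network look normal when a later login from it succeeds.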