Ransomware payments continue to rise even as Law Enforcement and Government officials encourage organizations not to pay. The average Ransomware payment per attack is now over $1 million USD and studies show that over 25% of companies attacked still will pay the ransom. With that being said, only two thirds of those that have been attacked made changes to their cybersecurity plans following the incident. Companies continue to pay the ransoms because they believe receiving the decryption key is the easiest way to restore their networks. Many companies try to keep quiet about an attack to reduce the possible fallout from clients and customers. The Egregor ransomware gang has found an innovative way to make their attacks public and pressure victims into paying. The operation repeatedly prints ransom notes from all available network and local printers after an attack. Other ransomware gangs will likely copy this tactic or find their own original way of drawing public attention to attacks.
Ransomware will continue as long as businesses continue to make payments. Paying ransoms only emboldens cyber criminals and makes a company a continued target for future attacks. To avoid becoming a victim, carefully plan a defense in depth strategy to deter and detect threats before they can accomplish their final objectives. Ransomware threats most often start with access to an employee’s remote desktop login, or through malicious attachments sent via phishing email to employees, or unpatched servers connected to the Internet. First, ensure systems are updated with the latest security patches and ensure Multi Factor Authentication (MFA) is deployed and enforced within your organization so that stolen or weak passwords cannot be leveraged by attackers. Then, position security event monitoring solutions to give analysts the information they need to quickly detect and respond to threats that make it past other security controls. A 24/7 Security Operations Center is necessary to respond in time to stop threats that can strike at any time and which often operate on evenings and weekends. Overall, the cost of a strong security operation is much less expensive than paying ransom payments to criminals, the cost of lost productivity during an attack, and the cost of recovery after an attack.