Summary: This 3-minute article explores the cyber security required to protect against ransomware attacks. Also, learn about triple extortion ransomware and how to prevent an attack. Then, contact DIGIGUARD CYBER SECURITY at 833-33-CYBER (833-332-9237) or visit www.DIGIGUARDsecurity.com for a cyber risk analysis and to discuss your SMB’s overall cyber security plan.
Most businesses understand the importance of cyber security. With a dramatic uptick in cybercrime since the pandemic, SMBs have been the “low-hanging fruit” targeted by hackers. A large corporation might be able to survive a cyberattack. However, over the past few years, 60% of small businesses attacked by cyber thieves have gone out of business within the next six months. Ransomware attacks are of particular concern because they hold business data hostage, slow down or stop normal operations and can require the paying of ransom demands. In addition, they can entail other costs that include hiring IT experts and possible legal fees and penalties related to defending lawsuits from vendors and other parties affected.
Ransomware attacks use crippling malware that encrypts a victim’s data, making it unreadable, and then holds it hostage until the victim pays the ransom demands. Under a ransomware attack, a business will not have access to its files, databases and applications. Ransomware can be programmed to spread throughout a network, targeting servers and preventing most, if not all, company functions. Once the target files are encrypted, the ransomware demands the user pay a specific ransom amount, usually paid within 24-48 hours, to have the files decrypted. In the worst cases, the ransom is paid but the hacker doesn’t decrypt the data.
As quickly as cyber security experts develop new defensive protections, cybercriminals follow with new variations of their attacks. Also, user-friendly malware kits have become available online, allowing IT novices to create their own ransomware without much computer knowledge. Many newer attacks hit entire server disks instead of just specific files. Because ransomware attacks can be so lucrative, nefarious ransomware creators often ask for a cut of any ransom collected by their customers. There are also reports of ransomware gangs that work together on coordinated attacks.
Ransomware attacks of any kind are disastrous. But hackers have continued to refine and expand their attacks by adding additional layers of ransomware extortion. Double extortion malware attacks are about more than just getting the ransom paid. In a double extortion attack, the hackers completely copy the target’s data for additional leverage if the ransom isn’t paid. In ransom negotiations, they can also threaten to release the data and make it public. Disclosure of private or proprietary data can often seriously damage or even bankrupt a target SMB. If double extortion ransomware wasn’t bad enough, cyber thieves have created a worse version, called triple extortion ransomware.
Triple extortion ransomware can also launch distributed denial of service (DDoS) attacks that cripple the business associate’s business and the original target. Cybercriminals also use burner phones to make threatening phone calls to turn up the pressure for ransom payments. High-compliance organizations charged by law with protecting clients’ private data are exposed to monetary repercussions beyond the ransom, because the compromised third-party data can incur significant legal expenses and financial penalties.
Ransomware attacks have increased every year and are up over 500% in the last few years, damaging reputations and bankrupting companies.
Fortunately, protective measures can be implemented to protect against and mitigate the consequences of a single, double or triple ransomware attack:
Ransomware attacks are becoming more sophisticated all the time. As the attacks evolve, using a DIY approach to ensure protection is becoming increasingly more challenging. It might be time to hire IT experts with extensive cyber security knowledge and experience to help lock down your sensitive, hard-earned business data.