Ransomware – How A Secure Cloud Strategy Can Help
A single e-mail is enough to plunge a company into disaster – an employee has accidentally logged on to a fake platform and thus given access data into the wrong hands. A colleague has downloaded malware onto her computer by opening an attachment. These are scenarios that start a ransomware attack. Learn more about causes and prevention here.
What Is Ransomware and What Threats Does It Bring for Businesses?
Ransomware is malicious software that gives unauthorized people access to company data, programs or even the entire computer system. They prevent the proper use and exclude the affected person or organization from accessing files and systems. As a result, large sums of ransom are extorted from the victims. Access to the data, systems and programs is only restored after payment has been made.
However, ransomware not only threatens individual companies, public authorities or private individuals but also the entire economy. According to the Situation Report for 2021 from the Federal Office for Information Security (BSI), the threat situation is rated as tense to critical.
Ransomware attacks not only have an impact on individual company processes but can also affect the entire supply chain. Damage is also caused outside the initially affected company, for example, to customers, suppliers, and partners.
Cyber-attacks have already led to serious IT outages in every sector of the economy. In some cases, they cause considerable financial damage and threaten production processes, service offerings and customers.
Huge ransoms are already painful for affected companies, but the pressure increases when data is threatened to be made public. While the ransom may be settled inconspicuously, the GDPR requires companies to notify all affected individuals of the data loss. This is not only inconvenient for organizations but can also result in a loss of trust.
How Can I Protect My Business From Ransomware?
Increasing digitalization and the growing number of home office workplaces pose new security challenges for companies. For this reason, employees should be sensitized to the issue of proper cyber-security. Ransomware is often sent in deceptive-looking emails as attachments or links. The sender likes to impersonate a team member or customer. The malicious file is downloaded to the company device with a single click and starts to spread. To avoid this as best as possible, companies can offer regular training and conduct random tests to raise awareness of ransomware and similar malware.
If despite all security measures a ransomware attack should still strike your company, it helpful to have an emergency plan at hand. With the help of the emergency plan, those responsible in the company can act more quickly and keep the damage caused by the ransomware attack as low as possible. Digital Information World recommends, for example, the following steps in the event of an emergency:
- Immediately disconnect or remove any potentially affected or suspicious company devices from your network.
- Carefully inspect the damage that has been done.
- Identify the ransomware to determine if and which relevant authorities or individuals need to be notified.
- Inform the relevant authorities and affected persons.
How Do Cloud Services Help Against Ransomware?
The majority of companies already use the advantages of the cloud. In addition to increased flexibility, efficiency in team communication and optimized workflows, company data can be accessed at any time and from any location.
In fact, cloud services can also be very helpful for companies in mitigating damage from ransomware attacks. In most cases, attackers target locally stored data and often aim for central storage locations such as network drives. Cloud storage does not offer this attack surface at all. Therefore, it is advisable for companies to regularly store backups in the cloud, in case their work has not already been completely moved to the cloud anyway. With up-to-date and, above all, complete backups, companies can restore their data from there in the event of local attacks.
Your company is not yet ready to move to the cloud? By encrypting your network drives you can keep attackers from centrally accessing your data, as well. Boxcryptor offers encryption not only for cloud storage, but also for local storage solutions.
Cloud services, such as Dropbox, offer a version history function that gives companies access to both the current and previous versions of a document. Each time a document is edited, a new version of the file is automatically saved. In the event of data loss, companies can access the last versions and restore them. With Dropbox Professional and Business, for example, you can restore up to 180 days of previous versions of your documents. You can find more information about this here.
However, this does not mean that cloud services automatically protect company data from ransomware attacks with the help of backups. Additional security measures are always beneficial to minimize or even eliminate the risk from malware or the damage caused.
Encryption and Leakware: Encrypt your Data Before Others Do
Every company possesses sensitive information that should not be published where possible. In addition to personal data, this also applies to business confidentiality. In a leakware attack, attackers encrypt the sensitive data and threaten to publish it. Even if the ransom is paid, the affected company cannot be sure that the data will not be published anyway. Therefore, it is advisable to protect sensitive data as best as possible and to encrypt it yourself. Because: files that have been protected with encryption solutions, such as Boxcryptor, are useless to unauthorized persons.
In the case of a ransomware attack on your central storage system, encryption has the advantage of properly securing the data contents from the malicious software. The attackers only receive worthless strings. Thus, without interesting data, no worthwhile attack scenario arises, since the affected company cannot be blackmailed into paying a ransom.
In the event of a data leak with unencrypted data, there is also no guarantee that the data will not be published at some point – ransom paid or not. This would hit companies particularly hard, as they would suffer a high financial loss and have to take responsibility for the loss of data.
According to a study by BlackFog the United States ranks highest among countries most affected by ransomware attacks in 2020 and 2021. Ransomware attacks occur across industries, with government, education, and healthcare being the top 3 industries at highest risk. Another study (in German) shows that 37% of companies worldwide fell victim to ransomware attacks.
The average total cost of ransomware removal has doubled to over €1.6 million from 2020 to 2021. A big case of a ransomware attack with payment of ransom is Brenntag North America. In April 2021, a hacking group called DarkSide was able to penetrate the system of the world-leading chemical distribution company, infecting and encrypting 150GB of data. The hackers initially demanded a ransom of over $7.5 million in bitcoins, but the corporation was able to push the amount down to $4.4 million.
Ransomware attacks are happening. Nothing is going to change that for now. The question is how well or poorly prepared an organization is when the inevitable happens. Fortunately, there are things you can do about it:
- Make your teams aware of SPAM and phishing emails.
- Work in the cloud or on end-to-end encrypted network drives.
- Encrypt your data with end-to-end encryption.
If you implement these three tips, your company will be in a better position than 37 percent of companies worldwide. Use this knowledge to your advantage.