2016 saw the threat of ransomware take off, growing by an estimated 300%. Non-targeted ransomware grew slowly but the increase in the malware targeted at business accelerated. The ransomware threat has grown from 18% of all malware In January 2016 to over 66% in 2017 as reported by Malwarebytes.
Frequency of Ransomware Attacks
Individuals were attacked once every 20 seconds while business saw an attack about every 2 minutes at the start of 2016. By the end of the year the attacks were occurring once every 10 seconds against an individual and once every 40 seconds against a business.
Cost of Attacks
Cybersecurity Ventures predicts that ransomware damage costs will exceed $5 billion in 2017; up more than 15 times from 2015. Additionally Symantec reports that the average ransom demand in 2016 was $1077, a 266% increase from the year before. Kaspersky Labs advised that 20% of companies paying a ransom did not get their data back.
Intermedia, calculated the costs to include damage/destruction to data, downtime, lost productivity, post-attack disruption to the normal course of business, restoration and deletion of data and systems, harm to reputation, and employee training in direct response to the ransomware attacks.
Defending Against Attacks
Back up all your data regularly. The plan should ensure that the amount of data lost after a ransomware attack is minimized as much as possible.
Check the status of backups. Ensure backups are completed successfully, and resolve any issues as soon as possible.
Have some offline backup copies. Data stored offsite, on tape or other offline media isn’t as easy to compromise as local backups. If an attack is successful the hackers may also try and compromise the backup system to prevent restores. Offsite & Offline backups reduce that risk.
Perform regular restore tests. Knowing data is backed up is great, but you should verify that restores work. Don’t wait until the restore is needed to see if it works.
Don’t use the same credentials for everything. Backup credentials should be used only for that purpose. The more people who have access to the credentials, the more likely it is they will be compromised.
Don’t ignore suspicious behavior. For example, if data is encrypted, incremental backup sizes will increase dramatically and backup jobs will take longer. This may indicate that data has been compromised.
For more information contact Jim Hendy: firstname.lastname@example.org.