We recently ran polls on social media (links below) asking people to identify this year’s largest security threats. Although there is still time to participate, the results are unlikely to change given the lead currently held. It seems that ransomware in 2023 is the cyber security threat we all need to be wary of. This should come as little or no surprise when you stop to look at the numbers from recent years.
Follow CRIBB Cyber Security on LinkedIn and visit / follow CRIBB on Twitter.
Ransomware is a type of malware that encrypts a victim’s files and demands payment in exchange for the decryption key. Once the victim pays the ransom, the attackers may or may not provide the key to unlock the files. Ransomware attacks can cause significant disruption and financial loss for individuals and organisations. It is therefore important to maintain regular backups and to keep software up to date.
Key ransomware statistics
- Ransomware attacks increased 105% in 2021*
- 78% of organisations experienced email-based ransomware attacks in 2021**
- There are 20 ransomware attacks attempted every second*
It is important to note that a successful ransomware attack typically costs the victim more than the ransom itself: downtime, mitigation, reputational damage, analysis, and increasing insurance premiums all add to the total. It is perhaps unsurprising, then, that the cyber insurance market has been deeply affected by the rise in ransomware incidents. A global threat, ransomware attacks can originate from just about anywhere. Last year, CyberProof published research on the origins of ransomware attacks in 2021:
- China – 18.83% of attacks originated from China
- US – 17.05%
- Brazil – 5.63%
- India – 5.33%
- Germany – 5.10%
To reiterate, these attacks are hugely costly and can come from a wide variety of different areas. So how can you try to avoid becoming a victim? What measures can you take to protect yourself and your organisation?
*Data from TechTarget | **Statistics courtesy of Proofpoint
How to prevent ransomware
One of the very first steps to take is to educate yourself on ransomware and the typical path it takes to enter an organisation. From there, you can start to work on your defences:
1. A malicious actor implants ransomware via phishing or malicious files / websites and gains access to IT systems
2. Vulnerabilities are exploited and malicious functions deployed
3. Systems and networks with weak access control / network interfaces concede access to Operational Tech (OT)
4. A lack of controls then leads to ransomware spreading even further, to servers, workstations and beyond
5. Absent / poor backup processes mean a complex and lengthy restoration process
If you are concerned about ransomware in 2023, then we would urge you to read through the points above 2-3 times. Are you ready for a phishing attack? Do you / your employees know how to spot a phishing attempt? Stepping back, do you have a cyber security strategy in place? Do you have an Internal Security Officer (ISO) or suchlike figure? Whether the answer is yes or no, check these 5 points again. Look at number 2; are you aware of the vulnerabilities in your IT infrastructure? Do you have an Access Control List (ACL) as hinted at in the third point?