It’s not just the disruption of the pandemic that has been fueling a 485% rise in ransomware attacks over the last year. While that’s definitely a contributing factor, there is another driver of the increased volume and cost of these types of attacks.
We’ve already seen several large ransomware attacks with widespread impacts in 2021. These include the attacks on JBS (Swift, Pilgrims Pride, etc.) and Colonial Pipeline, an attack that increased the price of a gallon of gas nationwide.
More attacks are coming, and they’re being fueled in large part by Ransomware as a Service (RaaS).
RaaS now accounts for nearly two-thirds of all ransomware attacks.
What is RaaS?
Ransomware as a Service is a cloud model that is based on Software as a Service (SaaS). Only instead of making it easier for businesses to get work processes done by subscribing to cloud software, it makes it easier for criminals to conduct ransomware attacks.
RaaS is sold as a subscription for as little as $40 per month and can also include profit-sharing plans, with very little up-front cost and a sharing of the “bounty” from a ransomware hit.
What RaaS has done is make it easy for anyone to try their hand at a big ransom score, even if they’re not a hacker and don’t know a single line of code.
Subscribers get a bundled package that includes things like:
- Phishing emails
- Phishing site
- Ransomware code
- 24/7 help desk support from hackers
- Online tutorial videos and step-by-step instructions
Ransomware as a Service has opened the floodgates for criminals looking to get rich quick. And with the average ransom demand skyrocketing 518% in just the first half of 2021, that’s not just a pipe dream.
Unfortunately, a majority of companies, both large and small, are unprepared for a ransomware attack and end up paying the ransom demand. This fuels more attacks as wannabe hackers look to get a piece of the pie, and the snowball effect continues.
Looking to make more than just a score from a ransomware attack, large criminal organizations and state-sponsored hacking groups have turned to the RaaS model and are now all vying for customers.
What Do You Do to Avoid Becoming a Victim of Ransomware?
Many of the largest attacks happen because of small lapses in basic cybersecurity best practices. For example, the ransomware attack on Colonial Pipeline was successful because the company had an unused VPN account that it never closed, and that account wasn’t protected with multi-factor authentication (MFA).
Preventing a ransomware infection takes using a layered strategy of these types of security best practices.
Back-Up Data Regularly & Test Your Restoration
Backing up all your business data regularly should be a given, and a majority of businesses do this. However, where they fall short is in never testing the data restoration process of a backup.
If you haven’t tested the restore capabilities, you can find that data restoration takes several days, in which case you might feel paying the ransom is a faster option (this happens often in ransomware attacks).
You should regularly test the data restoration of your backups to ensure you have a system designed for fast recovery and to help your team become familiar with the process so it can be done as quickly as possible in the event of an attack.
Use Phishing Protection Tools
Most cyberattacks originate with a simple phishing email that is designed to cleverly fool a user into taking some type of action that introduces ransomware or another malware into your network.
All your employee devices should include proper protection against phishing attacks. Here’s what that looks like:
- Email spam/phishing filter to reduce the number of phishing emails in user inboxes
- DNS filtering to block malicious sites, even after a phishing URL has been clicked
- Advanced antivirus/anti-malware to detect sophisticated threats
- Network and/or device firewall
- Safeguards like Windows 10’s ransomware protection that only allows approved apps to make changes to folders
Use Multi-Factor Authentication (MFA) On All Accounts
With a 99.9% effectiveness rate at preventing fraudulent sign-in attempts, even when the hacker has the user password, there’s no excuse not to use MFA on all your accounts.
Many ransomware attacks happen when an attacker gains access to a platform like OneDrive or Dropbox that houses company files and then unleashes the ransomware in the cloud environment. It then quickly spreads to any syncing devices.
The additional step to authenticate a user as legitimate is well worth it for the significant boost in cloud account security.
Is Your Company Properly Protected from a Ransomware Attack?
With ransomware rising rapidly, you want to make sure you’re fully protected. Texas I.T. Pros can help your Denton or Wise County business with a full security assessment to identify and address any vulnerabilities.
Contact us today to learn more! Call 940-239-6500 or reach out online.