Information security threats have evolved continuously, with cybercriminals looking to outsmart security mechanisms and providers. Attackers are becoming more innovative, using sophisticated new tactics to target unsuspecting users and businesses. One threat that has emerged in recent years is ransomware, a scareware attack designed to intimidate a user or business into paying up in exchange for restored access. The U.S. Department of Justice (DOJ) has described ransomware as a new business model for cybercrime and a global phenomenon. As of 2020, ransomware attacks continue to grow in size and scale, targeting public and private sector organisations globally.
The Threat of Ransomware
Ransomware cases were first reported in 2005, mainly in Russia. In recent years, however, ransomware attacks have spread globally, with cybercriminals targeting international businesses, healthcare providers, local authorities, educational establishments and government agencies.
Ransomware is a type of malicious software that uses encryption to take control of a computer system remotely and prevent the user from accessing critical files and data. The attackers then demand a ransom payment in exchange for restoring access. Ransomware can reach a user's system in several ways; the most common is a phishing email containing a malicious link that takes the user to a malicious website. Once inside, ransomware can spread quickly across networks, targeting database and file servers. When attackers gain access to business systems and data, the organisation is immediately paralysed: users are locked out of their systems and unable to access files and data.
Ransomware attacks saw a sharp increase in 2019, most often succeeding because of vulnerabilities in organisations' existing security arrangements and a lack of awareness amongst the workforce. Ransomware attacks often rely on human error, targeting unsuspecting users within organisations with legitimate-looking phishing emails and malicious links that create an entry point into systems.
Impact on Businesses
The effects of a ransomware attack can be devastating to any type of business or organisation. At the outset, day-to-day operations are immediately affected, resulting in loss of access to key business systems and customer data. Most notably, intellectual property, financial data and personal data are compromised, putting the business, its employees and its customers at risk of fraud and embezzlement.
The financial consequences are even more severe. Businesses are known to pay the ransom to attackers in exchange for restored access to systems and business information, yet even when a ransom is paid, access is not guaranteed. For those businesses, and for those that refuse to pay, restoring access to compromised data and systems and returning operations to normal is often a long and costly journey; complete recovery can take years.
A ransomware attack can therefore cause significant financial losses to a business, setting it back by years and causing reputational damage in the process.
Businesses who paid up
In 2019, it was reported that government agencies, educational institutions and healthcare providers in the US were hit by at least 948 ransomware attacks. More than $176M is estimated to have been spent responding to these attacks. The costs went towards paying ransoms to the attackers, rebuilding networks and restoring backups, and introducing preventative measures to avoid future attacks.
Businesses who didn't pay up
Global aluminium producer Norsk Hydro found itself on the receiving end of a devastating ransomware attack in 2019. Up to 22,000 computers are reported to have been attacked, across 170 office locations in 40 countries. The company nevertheless refused to engage with the cybercriminals who targeted it or to pay a ransom. Having initially resorted to pen and paper to get operations back up and running, Norsk Hydro has spent more than £45M repairing systems and restoring access. The loss of productivity and revenue was not in vain, though, as the company gained far more in reputation.
The information security industry and law enforcement agencies have hailed the organisation's response as "the gold standard" for refusing to pay the attackers and being completely transparent about its experience.