2. LOFFLER
  3. The State
The State

LOFFLER The State User guide

  • Hello! I'm your chat assistant, and I've reviewed this document about ransomware. It provides a comprehensive overview of the topic, including its definition, impact, and various protection strategies. I'm ready to help answer any questions you have about the information in this white paper and guide you through the key concepts and recommendations.
  • What is ransomware?
    What are the main causes of ransomware attacks?
    What are some ways to protect my organization?
THE STATE OF
RANSOMWARE
TODAY
2www.loffler.com
WHAT IS RANSOMWARE?
Ransomware is malicious software that infects computers
and restricts access to files and data until a ransom is
paid.
Ransomware can affect individuals and organizations of
any size. As an equal opportunity threat, ransomware
impacts SMBs just as much as large organizations.
Attackers often deploy ransomware after a successful
phishing or credential harvesting attack, or through drive-
by downloads.
Ransomware is designed to
encrypt or lock access to
files, thereby preventing
access to critical business
systems.
As a result, organizations
can face days of network
downtime and quickly lose the trust of their customers.
It's a growing threat that inflicts significant damage to
individuals, businesses, educational institutions and
government organizations across the world.
Ransomware has become alarmingly commonplace in
recent years. Weekly ransomware activity continues to
grow each year and criminals are becoming more
demanding in their ransom demands.
The compounding growth in computing power also makes
it easier for hackers to obtain and deploy ransomware
software through the dark web. Large criminal
organizations even sell Ransomware-as-a-Service
software via the dark web, enabling unskilled hackers to
successfully carry out an attack.
Business disruptions and network downtime can cost
organizations millions if hit with ransomware. Downtime
and lost productivity are major drivers of ransomware-
related costs along with response, remediation and
recovery costs.
Ransomware can also have an enormous negative
impact on your organization's reputation and customer
trust. This can tarnish current customer relationships and
impact future sales for years following an attack.
3www.loffler.com
THE IMPACT OF
RANSOMWARE
4www.loffler.com
10 KEY RANSOMWARE
STATISTICS
Ransomware cost the world $20 billion in
2021. That number is expected to rise to $265
billion by 2031.
In 2021, 37% of all organizations were
affected by ransomware.
On average, it cost $1.85 million to recover
from a ransomware attack in 2021.
IT teams are facing a 64% year-over-year
increase in ransomware threats.
The majority of ransomware attacks are caused
by phishing emails.
The average ransom fee has increased from
$5,000 to around $200,000.
The average downtime after a ransomware
attack is 21 days.
Ransomware attacks were responsible for
almost 50% of all healthcare data breaches in
2020.
Around 66% of universities lack basic email
security configurations.
In 2021, the average payout by a mid-sized
organization was $170,404.
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
David Braue, "Global Ransomware Damage Costs Predicted to Exceed $265 Billion by 2031." Cybercrime Magazine. Jun. 3, 2021.
'The State of Ransomware 2021." Whitepaper. Sophos Ltd. April 2021
"Cybereason: 80% of orgs that paid the ransom were hit again." Venture Beat. June 16, 2021.
5www.loffler.com
TYPES OF
RANSOMWARE
Crypto Ransomware
This type of ransomware encrypts files on a
computer making them inaccessible without a
decryption key. Once encrypted, hackers demand
a ransom payment in exchange for the key. This
type of ransomware generally affects only data
files on the encrypted machine.
Locker Ransomware
Unlike crypto ransomware, this type affects the
machines directly by making them unusable.
Once payment is received, the hackers will – in
theory – unlock the impacted machines. This is an
older type of ransomware that is still seen at
times.
Double Extortion Ransomware
This type of ransomware encrypts and exports
victims' data to use as blackmail. Attackers will
threaten to publish stolen data if the ransom isn't
paid. This means that if a victim is able to recover
using backups, the criminals still have leverage.
6www.loffler.com
PAY THE RANSOM?
Falling victim to a ransomware attack is a worst-case
scenario. You're most likely looking at high costs
whether you choose to pay or not. Investigation,
remediation and recovery costs add up quickly.
So, why not pay the ransom?
No Guarantees
Paying cybercriminals for the safe return of your data is
a risky venture. There's no contract in place ensuring
you receive everything back. Plus, hackers can easily
make copies of your data to sell. Various sources
estimate that 65-85% of data is recovered when the
ransom is paid.
Fueling the Machine
In many cases, it may be easier and cheaper to take the
risk and pay the ransom, although paying only supports
the ransomware business model and puts every
organization that uses technology at risk. This leads
business leaders to a moral dilemma.
What's the Right Move?
Law enforcement agencies advise not paying because
doing so encourages future ransomware activity. Paying
can also be illegal due to funding criminal endeavors.
It's recommended to engage with an incident response
team, your cyber-insurance company, law enforcement
and other regulatory entities before entertaining the idea
of paying.
7www.loffler.com
KEEP YOUR DATA SAFE
The truth is no organization is immune to cyber-attacks.
The best way to protect your organization is to take a
proactive approach to IT Security. Here are some steps
to take to mitigate risk.
1. Multi-Factor Authentication (MFA)
Implement Multi-Factor Authentication for all critical and
public-facing systems.
2. Security Assessments & Vulnerabilty Scanning
Perform an annual security assessment and an annual
vulnerability scan to determine risks that are specific to
your organization.
3. Create a Security Steering Committee
Create a security steering committee to drive continous
improvement. Use the data gathered from annual
assessments to address any unique cybersecurity risks to
your organization.
4. Maintain Full Data Backups
Ensure backups are complete, perform test restores
regularly and have an "air-gapped" and encrypted copy of
the backups that cannot be deleted by an attacker.
5. Detect & Prevent Malicious Software
Implement an Endpoint Detection & Response solution to
protect your laptops, desktops and servers beyond what a
traditional antivirus can achieve.
8www.loffler.com
6. Educate End-Users
Train employees on your organization’s cybersecurity
policies, security best practices and email security, and
test their knowledge with simulated phishing emails on a
regular basis.
7. Create an Incident Response Plan
An IR Plan acts as a playbook for your organization to
follow in the event of a cyber attack or suspected
compromise. Test and review your plan annually.
8. Manage Your Technology Lifecycle
Manage the lifecycle of hardware and software to ensure
you don’t have unsupported systems that introduce
security risks.
9. Enable Centralized Logging & Alerting
Enable centralized and managed logging analysis and
alerting for all systems, software, cloud services and
firewalls.
10. Create Clear Cybersecurity Policies
Implement cybersecurity policies that employees will be
able to understand and follow without causing end-user
frustration.
Ready to Protect
Your Organization?
9www.loffler.com
Get a Free IT
Security Health
Check Consultation
10www.loffler.com
IT SECURITY RESOURCES
Downloads
Cybersecurity Checklist
Cybersecurity Risk Quiz
Videos
How to Survive a Ransomware Attack
Small Business Cybersecurity Tips
What is a Security Score?
10 Ways to Improve Cybersecurity Insurability &
Minimize Rates
Blogs
The Real Cost of Network Downtime
8 Tips to Lower Cyber Insurance Rates
10 Questions to Assess if Your Cybersecurity Plan is
Ready for an Attack
How to Prevent Phishing Emails from Harming Your
Workplace
/