LOFFLER The State User guide

Brand: LOFFLER

Model: The State

Type: User guide

LOFFLER The State is an advanced network security device that provides comprehensive protection for your home or business network. With its cutting-edge features, it safeguards your data and privacy from a wide range of cyber threats. The State effectively blocks malicious websites, prevents unauthorized access, and ensures secure remote work connections through its advanced firewall and VPN capabilities. Additionally, it offers real-time threat detection and response, ensuring your network remains protected from the latest cyberattacks.

THE STATE OF

RANSOMWARE

TODAY

2www.loffler.com

WHAT IS RANSOMWARE?

Ransomware is malicious software that infects computers

and restricts access to files and data until a ransom is

paid.

Ransomware can affect individuals and organizations of

any size. As an equal opportunity threat, ransomware

impacts SMBs just as much as large organizations.

Attackers often deploy ransomware after a successful

phishing or credential harvesting attack, or through drive-

by downloads.

Ransomware is designed to

encrypt or lock access to

files, thereby preventing

access to critical business

systems.

As a result, organizations

can face days of network

downtime and quickly lose the trust of their customers.

It's a growing threat that inflicts significant damage to

individuals, businesses, educational institutions and

government organizations across the world.

Ransomware has become alarmingly commonplace in

recent years. Weekly ransomware activity continues to

grow each year and criminals are becoming more

demanding in their ransom demands.

The compounding growth in computing power also makes

it easier for hackers to obtain and deploy ransomware

software through the dark web. Large criminal

organizations even sell Ransomware-as-a-Service

software via the dark web, enabling unskilled hackers to

successfully carry out an attack.

Business disruptions and network downtime can cost

organizations millions if hit with ransomware. Downtime

and lost productivity are major drivers of ransomware-

related costs along with response, remediation and

recovery costs.

Ransomware can also have an enormous negative

impact on your organization's reputation and customer

trust. This can tarnish current customer relationships and

impact future sales for years following an attack.

3www.loffler.com

THE IMPACT OF

RANSOMWARE

4www.loffler.com

10 KEY RANSOMWARE

STATISTICS

Ransomware cost the world $20 billion in

2021. That number is expected to rise to $265

billion by 2031.

In 2021, 37% of all organizations were

affected by ransomware.

On average, it cost $1.85 million to recover

from a ransomware attack in 2021.

IT teams are facing a 64% year-over-year

increase in ransomware threats.

The majority of ransomware attacks are caused

by phishing emails.

The average ransom fee has increased from

$5,000 to around $200,000.

The average downtime after a ransomware

attack is 21 days.

Ransomware attacks were responsible for

almost 50% of all healthcare data breaches in

2020.

Around 66% of universities lack basic email

security configurations.

In 2021, the average payout by a mid-sized

organization was $170,404.

10.

David Braue, "Global Ransomware Damage Costs Predicted to Exceed $265 Billion by 2031." Cybercrime Magazine. Jun. 3, 2021.

'The State of Ransomware 2021." Whitepaper. Sophos Ltd. April 2021

"Cybereason: 80% of orgs that paid the ransom were hit again." Venture Beat. June 16, 2021.

5www.loffler.com

TYPES OF

RANSOMWARE

Crypto Ransomware

This type of ransomware encrypts files on a

computer making them inaccessible without a

decryption key. Once encrypted, hackers demand

a ransom payment in exchange for the key. This

type of ransomware generally affects only data

files on the encrypted machine.

Locker Ransomware

Unlike crypto ransomware, this type affects the

machines directly by making them unusable.

Once payment is received, the hackers will – in

theory – unlock the impacted machines. This is an

older type of ransomware that is still seen at

times.

Double Extortion Ransomware

This type of ransomware encrypts and exports

victims' data to use as blackmail. Attackers will

threaten to publish stolen data if the ransom isn't

paid. This means that if a victim is able to recover

using backups, the criminals still have leverage.

6www.loffler.com

PAY THE RANSOM?

Falling victim to a ransomware attack is a worst-case

scenario. You're most likely looking at high costs

whether you choose to pay or not. Investigation,

remediation and recovery costs add up quickly.

So, why not pay the ransom?

No Guarantees

Paying cybercriminals for the safe return of your data is

a risky venture. There's no contract in place ensuring

you receive everything back. Plus, hackers can easily

make copies of your data to sell. Various sources

estimate that 65-85% of data is recovered when the

ransom is paid.

Fueling the Machine

In many cases, it may be easier and cheaper to take the

risk and pay the ransom, although paying only supports

the ransomware business model and puts every

organization that uses technology at risk. This leads

business leaders to a moral dilemma.

What's the Right Move?

Law enforcement agencies advise not paying because

doing so encourages future ransomware activity. Paying

can also be illegal due to funding criminal endeavors.

It's recommended to engage with an incident response

team, your cyber-insurance company, law enforcement

and other regulatory entities before entertaining the idea

of paying.

7www.loffler.com

KEEP YOUR DATA SAFE

The truth is no organization is immune to cyber-attacks.

The best way to protect your organization is to take a

proactive approach to IT Security. Here are some steps

to take to mitigate risk.

1. Multi-Factor Authentication (MFA)

Implement Multi-Factor Authentication for all critical and

public-facing systems.

2. Security Assessments & Vulnerabilty Scanning

Perform an annual security assessment and an annual

vulnerability scan to determine risks that are specific to

your organization.

3. Create a Security Steering Committee

Create a security steering committee to drive continous

improvement. Use the data gathered from annual

assessments to address any unique cybersecurity risks to

your organization.

4. Maintain Full Data Backups

Ensure backups are complete, perform test restores

regularly and have an "air-gapped" and encrypted copy of

the backups that cannot be deleted by an attacker.

5. Detect & Prevent Malicious Software

Implement an Endpoint Detection & Response solution to

protect your laptops, desktops and servers beyond what a

traditional antivirus can achieve.

8www.loffler.com

6. Educate End-Users

Train employees on your organization’s cybersecurity

policies, security best practices and email security, and

test their knowledge with simulated phishing emails on a

regular basis.

7. Create an Incident Response Plan

An IR Plan acts as a playbook for your organization to

follow in the event of a cyber attack or suspected

compromise. Test and review your plan annually.

8. Manage Your Technology Lifecycle

Manage the lifecycle of hardware and software to ensure

you don’t have unsupported systems that introduce

security risks.

9. Enable Centralized Logging & Alerting

Enable centralized and managed logging analysis and

alerting for all systems, software, cloud services and

firewalls.

10. Create Clear Cybersecurity Policies

Implement cybersecurity policies that employees will be

able to understand and follow without causing end-user

frustration.

Ready to Protect

Your Organization?

9www.loffler.com

Get a Free IT

Security Health

Check Consultation

10www.loffler.com
IT SECURITY RESOURCES
Downloads
Cybersecurity Checklist
Cybersecurity Risk Quiz
Videos
How to Survive a Ransomware Attack
Small Business Cybersecurity Tips
What is a Security Score?
10 Ways to Improve Cybersecurity Insurability & 
Minimize Rates
Blogs
The Real Cost of Network Downtime
8 Tips to Lower Cyber Insurance Rates
10 Questions to Assess if Your Cybersecurity Plan is 
Ready for an Attack
How to Prevent Phishing Emails from Harming Your 
Workplace

LOFFLER The State User guide

LOFFLER The State User guide

LOFFLER The State User guide

Other documents