As cyberattacks become more prevalent, ransomware stands out as one of the most dangerous threats to businesses. In the past two years, ransomware attacks have increased over 97%,ⁱ yielding yearly revenues of $25+ million for hackers and costing businesses more than $75 billion per year.ⁱⁱ In 2018, companies spent an average of $369,000 responding to ransomware attacks, and over 60% of businesses reported being hit by one or more of these attacks globally.ⁱⁱⁱ With the number of yearly ransomware victims being estimated in the millions, larger companies have become popular targets.^iv

Ransomware is a form of malware that has become the tool of choice for cybercriminals. During a ransomware attack, the hacker breaches a business’s data and/or computer network and uses encryption methods to prevent users from accessing it.^v The data or network is held hostage until a ransom is paid, and the ransom demand typically requires victims to pay through Bitcoin or other forms of untraceable cryptocurrency.^v Attacks often begin when an employee receives a deceiving “phishing” email that tricks the user into clicking a malicious attachment or a URL link.^v However, this is not the only vector for ransomware attacks. Hackers can exploit several vulnerabilities within a user’s computer system to launch the virus, and the resulting impact of a ransomware infection can be devastating. A virus can begin on one device and rapidly spread throughout an entire corporate network, encrypting everything from shared devices to backup servers -- potentially crippling all of a company’s operations.^v

Hackers are targeting larger entities and demanding higher ransoms, making the threat of ransomware more alarming now than ever before.^vi Recent data breaches and attacks demonstrate how vulnerable businesses and organizations are to ransomware. For example, WannaCry, a ransomware variant that emerged in 2017, attacked over 200,000 computers in approximately 150 countries in just four days.^vii Britain’s National Health Service, a victim of WannaCry, reported costs totaling more than $100 million to mitigate the ransomware damage.^vii In that same year, FedEx reported that it spent over $300 million in response to an attack by another ransomware variant known as NotPetya.ⁱ Ryuk, yet another ransomware variant, extorted 705 Bitcoins from corporate victims in a matter of five months in 2018, for an estimated worth of $3.7 million.^viii The lowest Ryuk ransom demand was 1.7 Bitcoins which roughly converts to $14,000 and the highest Ryuk ransom was for 99 Bitcoins which roughly converts to $830,000.^viii Moreover, the City of Atlanta was targeted by the SamSam ransomware variant in 2018, which demanded a ransom of $50,000.ⁱ Atlanta ultimately spent over $5 million in response efforts,ⁱ which demonstrates how the total cost of an attack can far exceed the initial ransom demand due to expenses related to system downtime, hiring IT support, and restoring data and/or computer networks.

More recently, a ransomware attack disabled email, flight and baggage information screens at the Cleveland Hopkins International Airport in April 2019.^ix The airport’s computer systems involved in the attack were offline for nearly a week.^ix

What precautions can be taken against ransomware?

Malware developers are continually creating and releasing over 100,000 new variants of ransomware daily, thus making it impossible to attain absolute protection against an attack.^x However, implementing the following security measures can greatly reduce the risk of a ransomware attack or diminish its impact. 

• Seek advice from your legal counsel who can provide a variety of services to inform users of important data privacy and cybersecurity information, and to assist with implementing security protocols. Gaining an understanding of data privacy laws can help your business avoid potential state and/or federal violations.
• Regularly conduct system backups and instruct your IT staff to re-engineer backed-up data so that it is not vulnerable to attack. If ransomware hackers gain access to your data backups, their ransom demands may increase. It is also important to regularly update your computer networks and to patch any known vulnerabilities.
• Hold end-user training sessions to educate employees on how to identify suspicious communications that may contain ransomware. A single training session can reduce the risk of a successful phishing attack by 20%.^x
• Use firewalls, antivirus software, ad-blockers, and email scanning services to prevent suspicious communications from reaching your network and to warn users of suspicious websites, links, and attachments.
• Stay updated on cybersecurity information by following sources such as the ABA’s Cyber Security Legal Taskforce, the Better Business Bureau, FTC scam alerts, and the FBI’s ransomware prevention and business continuity guidance notes.

What should be done in response to a ransomware attack?

Despite putting forth your best efforts, your computer system may still be attacked by ransomware. If this occurs, you should take action immediately to mitigate the damage.