Average cost of ransomware triples and threatens companies across all market segments - ISH Technology


One of the main reasons ransomware keeps growing is simple: it works. All a criminal needs to get into a corporate network and carry out an attack is for one user to have a weak password, or to slip up and open a malicious email attachment.

Another reason is that extortion has become a highly profitable business. The average ransom paid by victim organisations in Europe, the United States and Canada almost tripled in 2020, reaching $312,493. And with the spread of double extortion tactics (encrypting data and also threatening to leak it), this number continues to grow, according to statistics gathered by researchers.

In Brazil, ransomware attacks cost companies that choose to pay the ransom an average of US$570,000, or R$2.8 million. When the total impact of this type of attack is considered, the figure is even higher, according to the studies: US$800,000, approximately R$4 million. These losses account for downtime of IT environments, backup restoration, hiring specialists for remediation, and other costs.

Companies held hostage

Ransomware is no longer a threat that only affects large enterprises. Supply chains are also targeted, with cases in which national security has been compromised, in Brazil and elsewhere.

In May 2021, for example, the Colonial Pipeline attack disrupted the flow of fuel to the east coast of the United States. The company faced operational chaos, and customers had to deal with fuel shortages and rising prices.

We also recently had an attack on the software company Kaseya, considered one of the most daring yet by ransomware gangs: the attackers pushed the malware through Kaseya's remote monitoring and management product, the kind of system that IT administrators and managed service providers use to control their customers' networks.

The attack affected around 1,500 companies at once, and the gang demanded $70 million for a universal decryption key.

Ransomware has become a major problem and is expected to continue impacting businesses and governments for years to come. So how do you defend yourself?

Simply put: ransomware can ruin your business. Being locked out of your own files by malware for just one day will hurt your revenue. But since ransomware takes most victims offline for at least a week, and sometimes months, the losses can be severe. Systems stay offline for so long not just because the ransomware locks them down, but because of all the effort required to clean and restore the network: every affected machine has to be identified, rebuilt or verified clean, and restored from backups before it can be trusted again.

Double extortion techniques have become so common among ransomware gangs because the attacks work and many organisations unfortunately give in to ransom demands as cybercriminals become more persistent and aggressive. It is still not easy to trace the people responsible for the attacks. There are criminals acting alone and organised groups, some even sponsored by states and governments.

For organisations, the best way to avoid ever having to decide whether to pay cybercriminals is a network secure enough to prevent the intrusion in the first place. Most often, ransomware attacks get in through human error (easily guessed passwords and clicks on suspicious links) and through outdated operating systems and software.

Cyber security procedures that can prevent network infiltration include applying security patches promptly and keeping programs and systems up to date. On their own, these measures already close many of the doors that attackers exploit.

In addition, many ransomware attacks begin with attackers abusing exposed internet-facing services, above all Remote Desktop Protocol (RDP). An organisation should therefore make sure that remote-access ports are not reachable from the internet unless that is truly essential, and put them behind a VPN or gateway instead.

Where remote access must stay exposed, require strong, unique passwords on those accounts. Applying two-factor authentication to them adds a further barrier: a stolen or guessed password alone is no longer enough to log in, and unexpected second-factor prompts or repeated failed logins give the security team something to alert on. Together, this reduces the chance of an account being breached and of a criminal then moving laterally through the network.
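The defensive steps in the preceding paragraphs (keep remote-access ports off the internet unless essential, and watch for unauthorised login attempts against the ones that remain) can be turned into a small audit. The following Python script is an added example, not code from ISH Technology or from the survey cited below. It assumes a simple firewall-rule export format and a syslog-style authentication log, both constructed here for illustration: it flags allow rules that expose RDP, SMB, VNC or similar services to any internet source, then counts failed logins per source address to surface password guessing, noting when a burst of failures is followed by a success.

```python
"""Audit firewall rules for internet-exposed remote-access services and
detect password guessing against them in authentication logs.

Added example; not code from ISH Technology. The rule export format, the
service list, the log format and the log lines are all constructed here.
"""
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

# Services ransomware operators routinely brute-force or exploit when they
# are reachable from the internet (port -> name; illustrative list).
RISKY_SERVICES = {
    22: "SSH", 23: "Telnet", 445: "SMB", 1433: "MSSQL",
    3389: "RDP", 5900: "VNC", 5985: "WinRM", 5986: "WinRM-HTTPS",
}

# RFC 1918 ranges: sources inside these are the corporate LAN, not the internet.
PRIVATE_RANGES = [ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed firewall rule export: (rule_id, action, source_cidr, dst_port)
SAMPLE_RULES = [
    ("r1", "allow", "0.0.0.0/0", 443),      # public web front end: expected
    ("r2", "allow", "0.0.0.0/0", 3389),     # RDP open to the whole internet
    ("r3", "allow", "10.0.0.0/8", 3389),    # RDP from the corporate LAN only
    ("r4", "allow", "203.0.113.0/24", 22),  # SSH from one partner /24
    ("r5", "deny", "0.0.0.0/0", 445),       # SMB explicitly blocked
    ("r6", "allow", "0.0.0.0/0", 5900),     # VNC open to the whole internet
]

def is_internet_source(cidr):
    """True when a source range is effectively 'anyone on the internet':
    any-source (/0) or a public range wider than a /8. Narrow public
    ranges (a partner /24) are treated as scoped, though still worth review."""
    net = ip_network(cidr, strict=False)
    if any(net.subnet_of(p) for p in PRIVATE_RANGES):
        return False
    return net.prefixlen <= 8

def find_exposed_services(rules):
    """Return [(rule_id, service, port)] for allow rules that expose a risky
    service to an unrestricted internet source."""
    findings = []
    for rule_id, action, src, port in rules:
        if action == "allow" and port in RISKY_SERVICES and is_internet_source(src):
            findings.append((rule_id, RISKY_SERVICES[port], port))
    return findings

# Constructed authentication log (format assumed): one event per line.
SAMPLE_AUTH_LOG = """\
2024-03-01T02:14:01Z rdp-gw auth: FAILED user=administrator from=198.51.100.7 svc=rdp
2024-03-01T02:14:03Z rdp-gw auth: FAILED user=administrator from=198.51.100.7 svc=rdp
2024-03-01T02:14:05Z rdp-gw auth: FAILED user=admin from=198.51.100.7 svc=rdp
2024-03-01T02:14:07Z rdp-gw auth: FAILED user=admin from=198.51.100.7 svc=rdp
2024-03-01T02:14:09Z rdp-gw auth: FAILED user=backup from=198.51.100.7 svc=rdp
2024-03-01T02:14:11Z rdp-gw auth: FAILED user=backup from=198.51.100.7 svc=rdp
2024-03-01T02:14:13Z rdp-gw auth: SUCCESS user=backup from=198.51.100.7 svc=rdp
2024-03-01T08:02:44Z rdp-gw auth: FAILED user=jsilva from=192.0.2.9 svc=rdp
2024-03-01T08:02:51Z rdp-gw auth: SUCCESS user=jsilva from=192.0.2.9 svc=rdp
2024-03-01T09:30:00Z vpn-gw auth: FAILED user=root from=203.0.113.50 svc=ssh
2024-03-01T09:30:02Z vpn-gw auth: FAILED user=root from=203.0.113.50 svc=ssh
2024-03-01T09:30:04Z vpn-gw auth: FAILED user=root from=203.0.113.50 svc=ssh
this line does not match the format and must be skipped, not crash the parser
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: (?P<result>SUCCESS|FAILED) "
    r"user=(?P<user>\S+) from=(?P<ip>\S+) svc=(?P<svc>\S+)$"
)

def detect_password_guessing(log_text, threshold=5):
    """Count failed logins per source IP; report sources at or above the
    threshold, the usernames they tried, and any account that then logged
    in successfully from the same source (likely credential compromise)."""
    failures = Counter()
    users_tried = defaultdict(set)
    success_after = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # tolerate unparseable lines instead of aborting the audit
        ip, user = m["ip"], m["user"]
        if m["result"] == "FAILED":
            failures[ip] += 1
            users_tried[ip].add(user)
        elif failures[ip] >= 1:
            success_after[ip] = user
    alerts = [
        {"source": ip, "failures": n, "users_tried": sorted(users_tried[ip]),
         "compromised_user": success_after.get(ip)}
        for ip, n in failures.items() if n >= threshold
    ]
    return sorted(alerts, key=lambda a: a["source"])

if __name__ == "__main__":
    for rule_id, service, port in find_exposed_services(SAMPLE_RULES):
        print(f"EXPOSED: rule {rule_id} allows {service}/{port} from the internet")
    for alert in detect_password_guessing(SAMPLE_AUTH_LOG):
        print("BRUTE FORCE:", alert)
```

In practice the rule list comes from your firewall's export and the log from your RDP gateway, VPN concentrator or domain controllers, so the two parsers are the parts to adapt. A non-empty `compromised_user` is the signal to reset that account immediately and look for lateral movement from the gateway, since a successful login after a burst of failures is exactly the foothold the paragraph above describes.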

But none of this will have much effect if the company does not talk to its employees about how to recognise attacks and does not put digital security policies in place. Even though people can generally pick up the small signs of a scam, such as a badly formatted email or an obscure sender address impersonating a well-known brand, the discussion has to go beyond routine inspection. It is necessary to foster a cybersecurity culture, so that everything that is shared, developed and published is handled with a protective mindset and a more critical eye.

The figures above are taken from the survey The IT Security Team: 2021 and Beyond, conducted by the British research firm Vanson Bourne. The survey interviewed 5,400 IT decision makers at medium-sized organisations in 30 countries. In Brazil, 200 companies were interviewed.