Where will ransomware stand in the forthcoming years?
According to various statistics, ransomware attacks increased discernibly in 2019. The reason? The vulnerable state of organizations and the increasing level of sophistication seen in attack mechanisms. In other words, attackers are adapting very quickly and are well aware of the weaknesses in organizations’ networks, which leads to the high number of successful ransomware attacks.
According to Emsisoft’s report on ransomware attacks in the United States, “the recovery cost from a ransomware attack is substantial, and companies would do well to consider these costs when budgeting over the next few years.” In the US alone, at least 113 government entities were impacted by ransomware in 2019. Ransomware continues to hit institutions of all kinds, ranging from health institutions to schools.
No one is safe from ransomware
Statistics presented in another report by Cybersecurity Ventures predict that businesses in 2021 will be victimized by ransomware every 11 seconds. That number is based on precise cybercrime statistics. Cybersecurity Ventures also estimates that the cost of ransomware attacks to businesses will be $20 billion in 2021. As for the global losses related to cybercrime, the number is expected to reach $6 trillion.
How do ransomware attacks against businesses happen?
Ransomware leverages various known vulnerabilities to gain access to systems. It turns out that some vulnerabilities are more common in ransomware attacks than others. According to RiskSense, nearly 65% of these vulnerabilities targeted high-value assets such as servers. 35% of the vulnerabilities were old, from 2015 or earlier, with the WannaCry flaws still being exploited today.
“While not totally unexpected, the fact that older vulnerabilities and those with lower severity scores are being exploited by ransomware illustrates how easy it is for organizations to miss important vulnerabilities if they lack real-world threat context,” noted Srinivas Mukkamala, CEO of RiskSense.
Businesses running Windows 7 should switch to Windows 10
Support for Windows 7 ended on January 14th, 2020.
This puts anyone who still hasn’t switched to Windows 10 at greater risk of ransomware and malware attacks, as there will be no more security patches. Statistics show that 26% of computers would still be running Windows 7 after the end date of its official support (which is already a fact).
What else should businesses do?
Upgrade whatever software the company is running to the latest possible version. For small and medium-sized businesses, the best option would be to upgrade to an operating system that is supported and regularly receives security patches.
Businesses should also make sure they are up to date with patches while they can. Microsoft is offering the opportunity to buy ESUs (extended security updates), which give businesses access to patches while they are migrating to newer software.
Business owners should also be prepared against ransomware with sufficient backup solutions. According to Veritas researchers, businesses should have three copies of their valuable data. Two of these copies should be on separate storage devices, and one should be air-gapped in an offsite location. Air-gapped data backups ensure the security of the data and are a reliable method of successfully restoring data.