Ransomware has become the most well-known threat among technical and non-technical end-users. The average technology user or employee in most organizations have learned about this threat through their cybersecurity and awareness training or maybe from the news. It is one of the top issues keeping CISOs and CIOs up at night and making senior executives and board members quite nervous. CISOs / CIOs are concerned about the resiliency of their network security and what might happen to their critical information. Ransomware is quickly climbing to the number one revenue generating stream for organized cyber criminals. These criminals are now running ransomware cloud service platforms – Ransomware-as-a-Service (RaaS).
There seems to be a reduction in large scale attacks, however, cyber criminals are focusing attacks on specific targets / organizations that are more vulnerable such as healthcare and the public sector. The healthcare sector is seen as a “Rich Target” to cyber criminals due to the lack of effective cybersecurity and risk programs. According to the Verizon 2019 Data Breach Investigations Report (Verizon DVIR), 70% of recent ransomware attacks were reported by healthcare organizations and 16% were in the public sector with local governments, city councils, and city operations incurring major financial costs.
Although ransomware comes in many flavors, the impact can create havoc within any organization. Like a disease, it doesn’t matter what the individual looks like (rich, poor, short or tall), once you are vulnerable you are at a higher risk of getting infected and hacked. This new threat is extremely effective due to its ability to evolve within a short period of time, sometimes as quickly as 24-48 hours. This is more than enough time to quickly find and encrypt data on mapped, unmapped, and network drives, along with smart phones connected to the network. It can even attack backups accessible via the network.
Stay tuned for more on prevention and response regarding ransomware attacks later this week.