Ransomware Attacks Are Becoming More Common and More Expensive
Did you know that the average ransomware demand in the first quarter of 2020 was $111,605? Ransomware is a type of malware that encrypts critical data so it cannot be accessed without a decryption key. Victims must, you guessed it, pay a ransom to get the key. The costs associated with a successful attack, which can far exceed the ransom, typically include investigation and remediation expenses and lost revenue due to downtime. Ransomware can also inflict insurmountable brand damage and reputational harm.
According to the Federal Trade Commission (FTC), hackers try to exploit network or server vulnerabilities to access a target’s data, but the malicious code used to launch ransomware attacks is often installed on devices and networks by:
- scam (phishing) emails that appear legitimate;
- infected websites; and
- online ads, which often appear on websites you know and trust.
The FTC recommends the following measures to reduce the risk of a successful ransomware attack.
- Have a Plan. Businesses need a plan to remain operational after a ransomware attack. Plans should be written and shared with those needing to know.
- Back up Data. Regularly save important data to a drive or server that’s not connected to a network. Make this part of your routine business operations.
- Update Security Software. Always install the latest patches and updates. Consider adjusting your settings to update automatically.
- Train Staff. Train all employees how to identify and avoid common threats. Provide examples of the most common ways devices and networks become infected.
If your business experiences a ransomware attack, the FTC recommends taking the following steps.
- Limit the damage. Immediately disconnect infected devices from your network.
- Contact Authorities. Immediately report the attack to local and federal authorities (local FBI office).
- Provide Required Notices. If data has been exposed, compromised or stolen, notify authorities and affected individuals pursuant to any applicable data breach notification laws.
Preventative measures can effectively reduce the risk of a ransomware attack, but they’re not foolproof. Every business should have Cyber Perils Insurance Coverage to protect against various cyber threats and liability exposures, including the cost of complying with data breach notice laws.
The Human Equation prepares all risk management and insurance content with the professional guidance of Setnor Byer Insurance & Risk.