Why should you care about Ransomware?


Maybe because it occurs every 11 seconds.

Maybe because it's one of the more common types of malware.

But regardless of the specific reason, you should care about Ransomware because it isn't going anywhere.  If 2020 was the year of Covid-19, it was likewise the year of Ransomware's predominance.  Nearly every single vertical has companies that were impacted in some way by Ransomware, and Ransomware payments topped $11 billion in 2020.  And that's just the reported data.  The reality is that Ransomware attacks what is critical to every single vertical, company, and industry around the world - your data.

Your data is everything.  You can't afford to lose your contacts, your email, your contracts... all the communications you've had over the past year, month, week, day... even hour.  You definitely can't afford to be unable to access critical company infrastructure such as spreadsheets that contain your customer invoicing, or the proprietary information that allows you to compete with your competitors.

All of these things are data.  And your data is what Ransomware targets.  The goal of every Ransomware attack is simple - VERY SIMPLE - to go after the quickest means to encrypt your information and ransom it back to you.  That's it.  There may be tons of avenues by which the malware authors instruct the code to behave and to accomplish these tactics, but the basic attack strategy is simple.

So why is it so effective?

This is because Security is a Spectrum.  On one side of the spectrum you have 100% security, which involves no living people and no access or ability to function.  100% Security in some cases might just be that you destroy everything and therefore have nothing to secure.  In a cynical sense, that could be considered 100% security.  It isn't the kind you or I might deal in, but it's something.

0% Security is probably the companies you know that say they "can't afford security" or that they don't have anything on their systems to protect themselves.  They're working in a completely unsecured environment and are most certainly infected with some form of malware or another... and somehow have managed to evade getting a Ransomware attack... though that window probably hits 100% certainty in the course of several weeks at this point.

So where do you sit in that spectrum?  Obviously no one is going to throw the baby out with the bathwater and destroy their business in order to secure it.  Similarly, no reasonable person would throw their hands up in the air and do nothing about an existential threat that has dominated the cybersecurity space since 2016.

You're left with options.  And in many cases doing all of the options is probably the only way to "truly" find the best security efficacy... because security fails only when there isn't a back-up plan.

Example: Let's say you're aiming for 95% Security.  You have all your systems locked down, no admin rights, none of your users are admins, and you only use admin accounts in specific circumstances.  You eventually may get hit by ransomware, but it doesn't impact anyone because it can't install.  That's a victory, right?  Wrong.  The ransomware missed that time, but what is your plan for when someone accidentally enables an application to utilize administrative privileges and that application gets compromised?  What if that application is your RMM that you use to monitor your users and deploy your security technology?  How do you handle that?

The answer... is having a plan and executing on it.  Having backups.  Knowing when that backup cycle is.  Having security that covers pre-incident, during-incident, and post-incident.

Utilizing an MDR offering whose response goes beyond "emailing a user there's a potential breach" and that takes action and locks down a device before it escalates its privileges to owning your network.  That's what you need.

And if you aren't sure where on the Security Spectrum you might be... reach out to London Security.  We can sit down and talk to you about security goals and what we would recommend for your industry.  Your time is valuable, so give us 15 minutes and we'll make it work.  It's worth the time - so you don't have to spend days/weeks/months handling the aftermath of a severe breach.  Your future self will thank you.